Replace owner on every flow in a tenant

Summary

The script will go through all the Power Automate flows present in the default environment or a specfic environment if provided and replace the owner on every Power Automate flow its owner of.

Example Screenshot

Implementation

Save this script to a PSM1 module file, like replace-flowOnwers.psm1. Then import the module file with Import-Module:


Import-Module replace-flowOnwers.psm1 -Verbose

The -Verbose switch lists the functions that are imported.

Once the module is imported the function Replace-PnPOwnerInFlows will be loaded and ready to use.

Warning

Please be aware this script contains a command that will remove or delete an artifact, ensure you test and understand the implications of running the script.

CLI for Microsoft 365
PnP PowerShell

Function Replace-PnPOwnerInFlows {
<#
.SYNOPSIS
Script to replace an owner in all its flows

.Description
this script looks for all flows owned by a specified user and replaces them with a new owner. You can indicate whether this should happen in a certain environment. If no value is given for the environment parameter, the default environment is used. Please note that you cannot remove the original creator of a flow. In that case this script will only add the new owner

.PARAMETER oldOwner
The UPN of the old owner

.PARAMETER newOwner
The UPN of the new owner

.Parameter environment
The name of the environment. The default environment will be used if not provided

.Example 
Replace-PnPOwnerInFlows -oldOwner "john.doe@contoso.com" -newOwner "sansa.stark@contoso.com"

.Example 
Replace-PnPOwnerInFlows -oldOwner "john.doe@contoso.com" -newOwner "sansa.stark@contoso.com" -environment "Default-0e943d12-6a07-4544-adaf-1e7c9ad82fa0"

#>    
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        $oldOwner,
        [Parameter(Mandatory = $true)]
        $newOwner,
        [Parameter(Mandatory = $false)]
        $environment
    )
    
    begin {
        #Log in to Microsoft 365
        Write-host "Ensure being logged in" -f Yellow
        $m365Status = m365 status
        if ($m365Status -match "Logged Out") {
           m365 login
        }
    }
    
    process {
        $oldOwnerAsUser = m365 entra user get --userName $oldOwner | ConvertFrom-Json
        $oldOwnerPrincipalId = $oldOwnerAsUser.id

        if(!$environment){
            $defaultEnvironment = m365 pp environment get | ConvertFrom-Json
            $environment = $defaultEnvironment.name
        }

        $flows = m365 flow list --environmentName $environment | ConvertFrom-Json

        foreach($flow in $flows) {
             $owners = m365 flow owner list --environmentName $environment --flowName $($flow.name) | ConvertFrom-Json
             foreach($owner in $owners){
                if($owner.properties.principal.id -eq $oldOwnerPrincipalId){
                    Write-Host "$oldOwner found as owner in flow with name '$($flow.displayName)'" -f DarkYellow
                    if($owner.properties.roleName -eq "Owner"){
                        Write-Host "You cannot replace the original creator of a flow. Script continues to just add the new owner" -f Gray
                    } else {
                        m365 flow owner remove --userId $oldOwnerPrincipalId --environmentName $environment --flowName $($flow.name) --confirm
                        Write-Host "Old owner '$oldOwner' successfully remove from the flow '$($flow.displayName)'" -f Green
                    }

                    m365 flow owner ensure --userName $newOwner --environmentName $environment --flowName $($flow.name) --roleName "CanEdit"
                    
                    Write-Host "New owner '$newOwner' successfully added to the flow '$($flow.displayName)'" -f Green
                }
             }
        }
    }
    
    end {
        
    }
}

Check out the CLI for Microsoft 365 to learn more at: https://aka.ms/cli-m365

Important changes coming to the way you login into CLI for Microsoft 365 (effective 9th September 2024) see Changes in PnP Management Shell registration in Microsoft 365

Function Replace-PnPOwnerInFlows {
    <#
    .SYNOPSIS
    Script to replace an owner in all its flows
     
    .Description
    this script looks for all flows owned by a specified user and replaces them with a new owner. You can indicate whether this should happen in a certain environment. If no value is given for the environment parameter, the default environment is used. Please note that you cannot remove the original creator of a flow. In that case this script will only add the new owner
     
    .PARAMETER oldOwner
    The UPN of the old owner
     
    .PARAMETER newOwner
    The UPN of the new owner
     
    .Parameter environment
    The name of the environment. The default environment will be used if not provided
     
    .Example
    Replace-PnPOwnerInFlows -oldOwner "john.doe@contoso.com" -newOwner "sansa.stark@contoso.com" -spAdminCentreUrl "https://contoso-admin.sharepoint.com/"
     
    .Example
    Replace-PnPOwnerInFlows -oldOwner "john.doe@contoso.com" -newOwner "sansa.stark@contoso.com" -environment "Default-0e943d12-6a07-4544-adaf-1e7c9ad82fa0" -spAdminCentreUrl "https://contoso-admin.sharepoint.com/"
     
    #>    
        [CmdletBinding()]
        param (
            [Parameter(Mandatory = $true)]
            $spAdminCentreUrl,
            [Parameter(Mandatory = $true)]
            $oldOwner,
            [Parameter(Mandatory = $true)]
            $newOwner,
            [Parameter(Mandatory = $false)]
            $environment
        )
        begin {
          Connect-PnPOnline -url $spAdminCentreUrl -Interactive
        }
        process {
            $oldOwnerAsUser = get-pnpentraiduser -Identity  $oldOwner ## This will only work for active users
            $oldOwnerPrincipalId = $oldOwnerAsUser.id
     
            if(!$environment){
                $defaultEnvironment = Get-PnPPowerPlatformEnvironment -IsDefault
                $environment = $defaultEnvironment.name
            }
     
            $flows = get-pnpflow -Environment $environment -AsAdmin
     
            foreach($flow in $flows) {
                 $owners = Get-PnPFlowOwner -Environment $environment -Identity $flow.Name -AsAdmin
                 foreach($owner in $owners){
                    if($owner.properties.principal.id -eq $oldOwnerPrincipalId){
                        Write-Host "$oldOwner found as owner in flow with name '$($flow.Properties.DisplayName)'" -f DarkYellow
                        if($owner.properties.roleName -eq "Owner"){
                            Write-Host "You cannot replace the original creator of a flow. Script continues to just add the new owner" -f Gray
                        } else {
                            Remove-PnPFlowOwner remove -User $oldOwnerPrincipalId -Environment $environment -Identity $flow.name -AsAdmin -force
                            Write-Host "Old owner '$oldOwner' successfully remove from the flow '$($flow.Properties.DisplayName)'" -f Green
                        }
                        Add-PnPFlowOwner -AsAdmin -Environment $environment -Identity $flow.Name -User $newOwner -Role "CanEdit"
                        Write-Host "New owner '$newOwner' successfully added to the flow '$($flow.Properties.DisplayName)'" -f Green
                    }
                 }
            }
        }
        end {
        }
    }

Check out the PnP PowerShell to learn more at: https://aka.ms/pnp/powershell

The way you login into PnP PowerShell has changed please read PnP Management Shell EntraID app is deleted : what should I do ?

Contributors

Author(s)
Nico De Cleyre
Reshmee Auckloo

Disclaimer

THESE SAMPLES ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.