In provisioning solutions it can be a good practice to add a security group from Active Directory as an additional site collection owner. Unfortunately a security group is not accepted as either primary or secondary owner. So to set a group as site collection administrator, the easiest approach I could find was to set the “IsSiteAdmin” property on the User object.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Configuration | |
| $WebUrl = "http://teams.contoso.com/sites/team1" | |
| $SiteAdminGroup = "CONTOSO\ContosoSiteAdmins" | |
| # Set the AD group as site collection administrator | |
| $Web = Get-SPWeb $WebUrl | |
| $SiteAdminUser = $Web.EnsureUser($SiteAdminGroup) | |
| $SiteAdminUser.IsSiteAdmin = $true | |
| $SiteAdminUser.Update() |
Are Flyen 
How would you do this for SharePoint Online?
Setting “IsSiteAdmin” should also be available for SharePoint Online using CSOM: https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.client.user.issiteadmin.aspx
This can be accomplished by connecting to SPO with PowerShell. My recommended approach would be to use the OfficeDev PnP PowerShell commands: https://github.com/OfficeDev/PnP-PowerShell
You can add AD Security groups as site collection administrators like this:
Set-SPOUser -Site $SiteUrl -LoginName $Group -IsSiteCollectionAdmin $true
For more checkout my detailed blog post: https://sposcripts.com/add-site-collection-administrator/
How would you do this for all site collection within a web/app? And how would you do this for all site collection in all web/applications?
Thank you!
@Rumi, you just have to get a list of all Site Collections and then iterate through all of them