- March 8, 2018
- Posted by: Surender Kumar
- Categories: Office 365, PowerShell
Permanently Delete Office 365 Users
If you manage an Office 365 account, you may have noticed that when you delete a user from the Office 365 admin center, the account is moved to the recycle bin for 30 days so that it can be recovered easily if it was deleted accidentally. But what if you actually want to permanently delete the user, even from the recycle bin? The admin center GUI has no option to remove users from the recycle bin. Fortunately, you can do it via Windows PowerShell.
In this article, I will show you how to create a new user and then how to remove the user from the Office 365 recycle bin.
For this you need to install the Azure Active Directory module for PowerShell on your computer. This is fairly simple and can be done via Install-Module MSOnline.
Installing Azure Active Directory Module for PowerShell
Open an elevated PowerShell console session and type the command as shown below:
PS D:\MyScripts> Install-Module MSOnline

Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend: Y
PS D:\MyScripts>

When you run this command, you will see an Untrusted repository warning. Type Y and press Enter, then wait for the module to install.
Connecting to Azure Active Directory
First, connect to your Azure Active Directory by running Connect-MsolService. I will use the Get-Credential cmdlet to store the credentials securely in a variable and then use these credentials to connect to Azure Active Directory.
PS D:\MyScripts> $UserCredential = Get-Credential
Now I can use the Connect-MsolService command with the -Credential parameter to connect, as shown below.
PS D:\MyScripts> Connect-MsolService -Credential $UserCredential
Creating New User in Azure Active Directory
To create a new user, use the New-MsolUser cmdlet as shown below:
PS D:\MyScripts> New-MsolUser -UserPrincipalName [email protected] -DisplayName "Rahul Sharma" -FirstName "Rahul" -LastName "Sharma"
The New-MsolUser cmdlet has two required parameters (-UserPrincipalName and -DisplayName) that you have to specify. You can also use -Password parameter to specify a custom password. If you omit the -Password parameter, a random password will be chosen.
To list all the users, use the Get-MsolUser cmdlet as shown below.
PS D:\MyScripts> Get-MsolUser

UserPrincipalName    DisplayName      isLicensed
-----------------    -----------      ----------
[email protected]    Rajesh Kumar     False
[email protected]    Ravi Kumar       False
[email protected]    Ajay Kumar       False
[email protected]    Surender Kumar   True
r[email protected]   Rahul Sharma     False
PS D:\MyScripts>
Deleting Users From Azure Active Directory
After connecting to Azure Active Directory, use the Remove-MsolUser cmdlet to delete a user.
PS D:\MyScripts> Remove-MsolUser -UserPrincipalName [email protected] -Force
The above command moves the user to the recycle bin, where it will remain for 30 days.
To list deleted users, use the Get-MsolUser cmdlet with the -ReturnDeletedUsers parameter.
PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers

UserPrincipalName     DisplayName     isLicensed
-----------------     -----------     ----------
[email protected]     Rahul Sharma    False
[email protected]     Rajesh Kumar    False
ra[email protected]   Ravi Kumar      False
[email protected]     Ajay Kumar      False

To permanently delete the user (removing it from the recycle bin), use the Remove-MsolUser cmdlet with the -RemoveFromRecycleBin parameter as shown below.
PS D:\MyScripts> Remove-MsolUser -UserPrincipalName [email protected] -RemoveFromRecycleBin -Force
Now if you look at the list of deleted users once again, you will no longer find the user with UPN [email protected] in there.
PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers

UserPrincipalName                 DisplayName     isLicensed
-----------------                 -----------     ----------
email@example.com                 Rajesh Kumar    False
firstname.lastname@example.org    Ravi Kumar      False
[email protected]                 Ajay Kumar      False
Removing All Users From Recycle Bin
To remove all the deleted users from the recycle bin, you can pipe the Get-MsolUser result to the Remove-MsolUser cmdlet and add the -Force switch to avoid being prompted for each user.
Caution: Be very careful while running the following command. You could accidentally delete all users from your Azure Active Directory.
PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
Now if you look at the list of deleted users once again, you will find nothing in there.
PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers
PS D:\MyScripts>
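A more guarded alternative to the one-line bulk purge above, as an added example that is not part of the original article: it purges only the UPNs you name, records them to a CSV first, and supports -WhatIf. The function name Remove-DeletedMsolUserSafely, the audit path and the sample UPNs are assumptions, and an existing Connect-MsolService session is assumed.

```powershell
# Added example: scoped, auditable purge of soft-deleted users (MSOnline module).
# Assumes Connect-MsolService has already been run in this session.
function Remove-DeletedMsolUserSafely {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # UPNs you intend to purge; anything not listed is left untouched.
        [Parameter(Mandatory = $true)]
        [string[]]$UserPrincipalName,

        # Where the pre-purge record is written (assumed path).
        [string]$AuditPath = ".\purged-users-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
    )

    # Snapshot the recycle bin once; -All avoids the default result limit.
    $deleted = @(Get-MsolUser -ReturnDeletedUsers -All)

    # Match the requested UPNs against what is actually soft-deleted.
    $targets = @($deleted | Where-Object { $UserPrincipalName -contains $_.UserPrincipalName })
    $missing = @($UserPrincipalName | Where-Object { $targets.UserPrincipalName -notcontains $_ })
    foreach ($upn in $missing) {
        Write-Warning "Not in the recycle bin, skipped: $upn"
    }
    if ($targets.Count -eq 0) { return }

    # Record what is about to be purged (under -WhatIf the file is only previewed).
    $targets |
        Select-Object UserPrincipalName, DisplayName, ObjectId, IsLicensed, SoftDeletionTimestamp |
        Export-Csv -Path $AuditPath -NoTypeInformation

    foreach ($user in $targets) {
        # ShouldProcess provides -WhatIf / -Confirm; ObjectId pins the exact object.
        if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Permanently delete from recycle bin')) {
            Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
        }
    }
}

# Preview first; drop -WhatIf to purge (sample UPNs are constructed placeholders).
Remove-DeletedMsolUserSafely -UserPrincipalName 'user1@contoso.example', 'user2@contoso.example' -WhatIf
```

Because ConfirmImpact is High, a real run prompts once per user unless you pass -Confirm:$false.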
This is just a sample of the tasks you can do in Office 365 via PowerShell; there is a whole lot more. The Azure Active Directory module for PowerShell offers the following cmdlets that you can use to work with Office 365:
PS D:\MyScripts> Get-Command -Module MSOnline | Select Name

Name
----
Add-MsolAdministrativeUnitMember
Add-MsolForeignGroupToRole
Add-MsolGroupMember
Add-MsolRoleMember
Add-MsolScopedRoleMember
Confirm-MsolDomain
Confirm-MsolEmailVerifiedDomain
Connect-MsolService
Convert-MsolDomainToFederated
Convert-MsolDomainToStandard
Convert-MsolFederatedUser
Disable-MsolDevice
Enable-MsolDevice
Get-MsolAccountSku
Get-MsolAdministrativeUnit
Get-MsolAdministrativeUnitMember
Get-MsolCompanyAllowedDataLocation
Get-MsolCompanyInformation
Get-MsolContact
Get-MsolDevice
Get-MsolDeviceRegistrationServicePolicy
Get-MsolDirSyncConfiguration
Get-MsolDirSyncFeatures
Get-MsolDirSyncProvisioningError
Get-MsolDomain
Get-MsolDomainFederationSettings
Get-MsolDomainVerificationDns
Get-MsolFederationProperty
Get-MsolGroup
Get-MsolGroupMember
Get-MsolHasObjectsWithDirSyncProvisioningE
Get-MsolPartnerContract
Get-MsolPartnerInformation
Get-MsolPasswordPolicy
Get-MsolRole
Get-MsolRoleMember
Get-MsolScopedRoleMember
Get-MsolServicePrincipal
Get-MsolServicePrincipalCredential
Get-MsolSubscription
Get-MsolUser
Get-MsolUserByStrongAuthentication
Get-MsolUserRole
New-MsolAdministrativeUnit
New-MsolDomain
New-MsolFederatedDomain
New-MsolGroup
New-MsolLicenseOptions
New-MsolServicePrincipal
New-MsolServicePrincipalAddresses
New-MsolServicePrincipalCredential
New-MsolUser
New-MsolWellKnownGroup
Redo-MsolProvisionContact
Redo-MsolProvisionGroup
Redo-MsolProvisionUser
Remove-MsolAdministrativeUnit
Remove-MsolAdministrativeUnitMember
Remove-MsolApplicationPassword
Remove-MsolContact
Remove-MsolDevice
Remove-MsolDomain
Remove-MsolFederatedDomain
Remove-MsolForeignGroupFromRole
Remove-MsolGroup
Remove-MsolGroupMember
Remove-MsolRoleMember
Remove-MsolScopedRoleMember
Remove-MsolServicePrincipal
Remove-MsolServicePrincipalCredential
Remove-MsolUser
Reset-MsolStrongAuthenticationMethodByUpn
Restore-MsolUser
Set-MsolADFSContext
Set-MsolAdministrativeUnit
Set-MsolCompanyAllowedDataLocation
Set-MsolCompanyContactInformation
Set-MsolCompanyMultiNationalEnabled
Set-MsolCompanySecurityComplianceContactIn
Set-MsolCompanySettings
Set-MsolDeviceRegistrationServicePolicy
Set-MsolDirSyncConfiguration
Set-MsolDirSyncEnabled
Set-MsolDirSyncFeature
Set-MsolDomain
Set-MsolDomainAuthentication
Set-MsolDomainFederationSettings
Set-MsolGroup
Set-MsolPartnerInformation
Set-MsolPasswordPolicy
Set-MsolServicePrincipal
Set-MsolUser
Set-MsolUserLicense
Set-MsolUserPassword
Set-MsolUserPrincipalName
Update-MsolFederatedDomain