Most companies face the challenge of identifying and cleaning up orphaned user accounts left behind by former employees, both to remove stale access and to optimize resource usage. Orphaned users are accounts that have been deleted from the Office 365 admin center (Azure AD) but still exist in SharePoint Online as site users. Such entries keep whatever permission assignments they were granted, so they make permission reviews inaccurate and should be removed. In this blog we use a PowerShell script to list and delete orphaned users from a SharePoint Online site collection.
Before starting, download and install the SharePoint Online Management Shell from this
link
and run the following PowerShell script in the SharePoint Online Management Shell, connecting to SharePoint Online with an administrator account. Connect-SPOService accepts the SharePoint Administrator role as well as Global Administrator, so use the less privileged SharePoint Administrator role where possible. Note that the MSOnline module used below for the Azure AD lookup has been deprecated by Microsoft in favour of Microsoft Graph PowerShell, so expect to migrate the lookup step eventually.
How to find and delete Orphaned Users from SharePoint Online Site Collection
Input Parameters Required
$url – SharePoint Online admin center URL (Ex – https://tenantname-admin.sharepoint.com)
$Sitename – SharePoint Online Site Collection URL (Ex – https://tenantname.sharepoint.com or https://tenantname.sharepoint.com/sites/sitename)
$Output – File path to store the list of Orphaned Users (Ex – D:\Foldername\OrphanedUsers.txt)
The following PowerShell script finds and deletes Orphaned Users from a SharePoint Online Site Collection.
NOTE: Save the script as a .ps1 file and run it from the SharePoint Online Management Shell. The cmdlets it uses do not need local elevation (Run as Administrator); they only need an execution policy that allows local scripts, for example Set-ExecutionPolicy RemoteSigned -Scope CurrentUser.
Copy the script below into Notepad and save it as a .ps1 file, or download the .ps1 from
here.
# Step 1: get the admin center URL and load the modules
$url = Read-Host "Enter the admin URL (https://tenantname-admin.sharepoint.com)"
Import-Module Microsoft.Online.SharePoint.PowerShell -Verbose
Import-Module MSOnline
# -Credential on the Connect-* cmdlets below works only without MFA;
# omit it to get the interactive sign-in when MFA is enforced.
$cred = Get-Credential

# Step 2: connect to the MSOnline (Azure AD) service
Connect-MsolService -Credential $cred

# Step 3: connect to SharePoint Online
Connect-SPOService -Url $url -Credential $cred

# Step 4: get the site collection URL
$Sitename = Read-Host "Enter the Site Collection URL"

# Step 5: get the file path for the output
$Output = Read-Host "Enter the path to store the result"
$strOut = "User Name" + "`r`n"

# Step 6: check whether a SharePoint user still exists in Azure AD.
# Returns $true when the UPN is found, $false otherwise. Because errors are
# silenced, a failed lookup (throttling, expired token) also returns $false,
# so always review the list before confirming removal in step 8.
function Checkorphaneduser()
{
    Param( [Parameter(Mandatory=$true)] [string]$AzureUser )
    $ADUser = Get-MsolUser -UserPrincipalName $AzureUser -ErrorAction SilentlyContinue
    if ($ADUser -ne $null)
    {
        return $true
    }
    Else
    {
        return $false
    }
}

# Step 7: get orphaned users from the site collection.
# -Limit All is required: Get-SPOUser returns only the first 200 users by default.
$Users = Get-SPOUser -Site $Sitename -Limit All
$OrphanedUsers = @()
foreach ($User in $Users)
{
    # Exclude built-in accounts, the search crawler and security groups
    # (-ne and -notlike are case-insensitive in PowerShell).
    if (($User.DisplayName -ne "NT AUTHORITY\authenticated users") -and
        ($User.LoginName -ne "SHAREPOINT\system") -and
        ($User.LoginName -ne "app@sharepoint") -and
        ($User.LoginName -notlike "ylo001_spocrwl*") -and
        ($User.IsGroup -eq $false))
    {
        $AccName = $User.LoginName   # the login name is the user's UPN
        if ((Checkorphaneduser $AccName) -eq $false)
        {
            Write-Host "$($User.LoginName) from $($Sitename) doesn't exist in Azure AD!"
            $strOut += $User.LoginName + "`r`n"
            $OrphanedUsers += $User.LoginName
        }
    }
}
# Write the list once, after the loop, rather than rewriting the file per user.
$strOut | Out-File $Output

# Step 8: remove orphaned users from the site collection, only after confirmation
if ($OrphanedUsers.Count -eq 0)
{
    Write-Host "There is no orphaned user in $($Sitename)"
}
Else
{
    $Remove = Read-Host "Do you want to remove the orphaned users listed in $($Output)? (Yes/No)"
    If ($Remove.ToUpper() -eq "YES")
    {
        foreach ($OrpUser in $OrphanedUsers)
        {
            Remove-SPOUser -Site $Sitename -LoginName $OrpUser
            Write-Host "Removed the orphaned user $($OrpUser) from $($Sitename)"
        }
    }
}

# Close the SharePoint Online connection (Connect-SPOService does not create a
# PSSession, so Disconnect-SPOService is the correct cleanup).
Disconnect-SPOService
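The script above checks one site collection, reports a failed directory lookup the same way as a missing user, and relies on the deprecated MSOnline module. The following is an added example, not part of the original post, showing how a practitioner would run the same orphaned-user check tenant-wide with Microsoft Graph PowerShell, a dry-run mode (-WhatIf), and a CSV report. It assumes (these are not established by the original post) that the Microsoft.Graph.Users and Microsoft.Online.SharePoint.PowerShell modules are installed, that the account used holds the SharePoint Administrator role and can consent to the User.Read.All Graph scope, and the script name Find-SPOOrphanedUsers.ps1 is hypothetical.

```powershell
# Added example, not from the original post: tenant-wide orphaned-user report
# and dry-run removal using Microsoft Graph PowerShell instead of MSOnline.
# Assumed (hypothetical) prerequisites: Microsoft.Graph.Users and
# Microsoft.Online.SharePoint.PowerShell installed; SharePoint Administrator
# role; ability to consent to the User.Read.All scope.
#
# Usage (script name is hypothetical):
#   .\Find-SPOOrphanedUsers.ps1 -AdminUrl https://tenant-admin.sharepoint.com -ReportPath .\orphans.csv -WhatIf
#   .\Find-SPOOrphanedUsers.ps1 -AdminUrl https://tenant-admin.sharepoint.com -ReportPath .\orphans.csv -SiteUrl https://tenant.sharepoint.com/sites/hr
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)] [string]$AdminUrl,    # e.g. https://tenant-admin.sharepoint.com
    [Parameter(Mandatory = $true)] [string]$ReportPath,  # CSV report of every user checked
    [string[]]$SiteUrl                                   # optional: only these site collections
)

Import-Module Microsoft.Online.SharePoint.PowerShell
Import-Module Microsoft.Graph.Users

# No -Credential: the interactive sign-in works with MFA, -Credential does not.
Connect-SPOService -Url $AdminUrl
Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome

# Logins that are never directory users and must never be removed.
$SkipLogins    = @('sharepoint\system', 'app@sharepoint')
$CrawlerPrefix = 'ylo001_spocrwl'

function Test-DirectoryUser {
    # Returns 'Present', 'Missing' or 'Unknown'. Only 'Missing' means the UPN was
    # looked up successfully and is not in the directory; throttling, auth and
    # network failures return 'Unknown' so they can never trigger a removal.
    param([Parameter(Mandatory = $true)] [string]$Upn)
    try {
        $escaped = $Upn.Replace("'", "''")   # OData string-literal escaping
        $user = Get-MgUser -Filter "userPrincipalName eq '$escaped'" -ErrorAction Stop
        if ($user) { return 'Present' } else { return 'Missing' }
    }
    catch {
        Write-Warning "Lookup failed for $Upn : $($_.Exception.Message)"
        return 'Unknown'
    }
}

function Get-SiteUserReport {
    param([string[]]$Sites)
    foreach ($site in $Sites) {
        try { $users = Get-SPOUser -Site $site -Limit All -ErrorAction Stop }
        catch { Write-Warning "Cannot enumerate $site : $($_.Exception.Message)"; continue }
        foreach ($u in $users) {
            $login = "$($u.LoginName)".ToLowerInvariant()
            if ($u.IsGroup -or $SkipLogins -contains $login -or $login.StartsWith($CrawlerPrefix)) { continue }
            # Claims such as "Everyone" (c:0(.s|true) are not UPNs; skip them
            # instead of querying Graph with a value that can never match.
            if ($login -notmatch '@') { continue }
            [pscustomobject]@{
                Site           = $site
                LoginName      = $u.LoginName
                IsSiteAdmin    = $u.IsSiteAdmin
                DirectoryState = Test-DirectoryUser -Upn $u.LoginName
            }
        }
    }
}

$Sites  = if ($SiteUrl) { $SiteUrl } else { (Get-SPOSite -Limit All).Url }
$Report = @(Get-SiteUserReport -Sites $Sites)
$Report | Export-Csv -Path $ReportPath -NoTypeInformation

$Orphans = @($Report | Where-Object DirectoryState -eq 'Missing')
$Unknown = @($Report | Where-Object DirectoryState -eq 'Unknown')
Write-Host "Checked $($Report.Count) site users: $($Orphans.Count) orphaned, $($Unknown.Count) could not be verified."

# Guard against a broken lookup (wrong tenant, expired token) removing everyone:
# refuse to delete anything when more than half of the users look orphaned.
if ($Report.Count -gt 0 -and ($Orphans.Count * 2) -gt $Report.Count) {
    throw "More than half of the site users appear orphaned; aborting removal. Check the Graph connection and review $ReportPath."
}

foreach ($o in $Orphans) {
    # With -WhatIf this only prints what would be removed.
    if ($PSCmdlet.ShouldProcess("$($o.LoginName) on $($o.Site)", 'Remove-SPOUser')) {
        Remove-SPOUser -Site $o.Site -LoginName $o.LoginName
    }
}

Disconnect-MgGraph | Out-Null
Disconnect-SPOService
```

Run it with -WhatIf first and review the CSV: neither Get-MgUser nor Get-MsolUser (without -ReturnDeletedUsers) returns soft-deleted users, so an account deleted within the last 30 days and still restorable is reported as orphaned, and removing its site user discards the site permissions that a restore would not bring back. The "Unknown" rows are the users whose lookup failed; re-run for those rather than treating them as orphaned.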