PowerShell script to remove User account from SharePoint Online Site collections

Fabrice Romelard

SharePoint Online is based on the old SharePoint solution in its core system.

The User Account management is part of, and you can confirm that looking the SPUsers management:

This page will show you the list of user accounts referenced into your current site collection.

The challenge is when there is an issue into that User identification, like a user account changing the name or in case of duplication of email address (2 accounts with the referenced same email address).


There is no solution to remove the SPOUser from any visual screen, and the only solution I found is via the PowerShell command:

The following script will give you the capability to remove the defined login account from any Site collection you want (based on the filtering you can use into the Get-SPOSite options):


[string]$username = "AdminAccount@yourTenant.onmicrosoft.com"
[string]$PwdTXTPath = "C:\SECUREDPWD\ExportedPWD-$($username).txt"
[string]$SiteCollectionURL = "https://yourTenant.sharepoint.com"

[string]$LoginAccounttoRemove = "i:0#.f|membership|User.Login@yourTenant.com"

function Load-DLLandAssemblies
	[string]$defaultDLLPath = ""

	# Load assemblies to PowerShell session 

	$defaultDLLPath = "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"

	$defaultDLLPath = "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"

	$defaultDLLPath = "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"

Write-host " ------------------------------------------------------------ "
Write-host "    Removing Specific Account from specific Site collection   "
Write-host " -----------------------------------------------------------  "


$secureStringPwd = ConvertTo-SecureString -string (Get-Content $PwdTXTPath)
$adminCreds = New-Object System.Management.Automation.PSCredential $username, $secureStringPwd

Connect-SPOService -Url https://yourTenant-admin.sharepoint.com -credential $adminCreds -ErrorAction SilentlyContinue -ErrorVariable Err

#Retrieve all site collection infos
#$sitesInfo = Get-SPOSite -Template "STS#0" -Limit ALL | Sort-Object -Property url | Select *
#$sitesInfo = Get-SPOSite  -Filter  {Url -like "https://yourTenant.sharepoint.com/sites/YourSiteCollection"}  -Limit ALL | Sort-Object -Property url | Select *
$sitesInfo = Get-SPOSite -Template "BLANKINTERNET#0" -Limit ALL | Sort-Object -Property url | Select * 

[int]$i = 1;
Write-host " ===>>>   ", $sitesinfo.count + " site collections found." -ForegroundColor green

foreach ($site in $sitesInfo)
	$CheckUser = $null
	Write-host " ------------------------------------------------------------ "
	Write-host "SiteColl Number:", $i, "- of:", $sitesInfo.Count -ForegroundColor green
	$i += 1;
	Write-Host "SPO Site collection:", $site.Url, "- Title:", $site.Title -ForegroundColor magenta
	Write-Host "   => External Sharing:", $site.SharingCapability
	Write-Host "   => Site Template Used:", $site.Template
	$CheckUser = Get-SPOUser -Site $site.Url -LoginName $LoginAccounttoRemove

	if($CheckUser.count -gt 0)
		write-Host "  >>>> Removing User Account:", $LoginAccounttoRemove -ForegroundColor magenta
		$CheckUser | Format-Table
		Remove-SPOUser -Site $site.Url -LoginName $LoginAccounttoRemove
		write-Host "  >>>> User Account", $LoginAccounttoRemove, "does not exist into the site collection:", $site.Url -ForegroundColor Yellow
	Write-host " ------------------------------------------------------------ "

You can adapt that code as you want for your own case.


Fabrice Romelard


French version:

Sources used for that script:


1 Reply