Search This Blog

Saturday, March 28, 2015

Bulk Remove Azure Active Directory User and Group Using Powershell

 

[Scenario]

  • Using Azure Active Directory
  • Has used AAD Sync to sync on-premise user account and group
  • Discovered has accidently sync user account and group to Azure Active Directory but require to remove it.

It’s quite a painful experience to delete each individual user account and group from Azure Management Portal. Wonder why no multiple select option and quite annoying when it asking for confirmation and refresh. But lucky enough got powershell to do the job.

[Pre-requisite]

[ Configuration]

After install the pre-requisite, open the Azure Active Directory Module for Windows Powershell.

Connect to Azure Active Directory by entering the Global Administrator account.

$msolcred = get-credential
connect-msolservice -credential $msolcred

Export the user account to csv file format





Get-MsolUser –All | Export-CSV C:\users.csv

Open the csv file and remove the Microsoft account and Global Administrator account. We just want to remove others account and retain the Global administrator account.


Export the group to csv file format





Get-MsolGroup –All | Export-CSV C:\Groups.csv

Final step is start to remove bulk users account and groups


Remove Users





Import-CSV C:\Users.csv | Remove-MsOlUser –Force

Remove Groups





Import-CSV C:\Groups.csv | Remove-MsOlGroup –Force

Deletion process is quite long period if you’ve more than 8000 records.

9 comments:

  1. Thank you for this write up. Of all of the convoluted, confusing ways I've found to bulk delete users from Azure, yours was the easiest to perform, and it works.

    ReplyDelete
  2. this. so much this. Thanks a ton for the elegant solution

    ReplyDelete
  3. Perfect! thank you for sharing your knowledge.

    ReplyDelete
  4. can it work in a 'cloud onky' users ? Not synced by Azure AD connect ?

    ReplyDelete
  5. Worked great with AzureADConnect syncing after disabling sync and changing to these commands...

    PS C:\> Get-AzureADUser -All 1 | Export-CSV C:\users.csv
    PS C:\> Get-AzureADGroup -All 1 | Export-CSV C:\groups.csv

    Then...

    PS C:\> Import-CSV C:\users.csv | Remove-AzureADUser
    PS C:\> Import-CSV C:\groups.csv | Remove-AzureADGroup

    ReplyDelete
  6. The above commands works a charm...Thanks @TechieDJ one issue though...Don't edit in exel or at least exel 2016..It alters the stucture and will not re-import.

    ReplyDelete