Forcefully Remove Azure AD UPN User Objects from Your Tenant


Introduction: Why it’s important to remove unnecessary Azure AD UPN user objects from your tenant
Step 1: Get a list of the user objects you want to delete
Step 2: Loop through the list and delete the objects one by one
Step 3: Verify that the user objects have been deleted
Conclusion: How to effectively remove Azure AD UPN user objects from your tenant using the Azure AD PowerShell module

Introduction:

Removing Azure AD UPN user objects from your tenant is important for maintaining a well-organized and secure directory. However, sometimes you may encounter issues when trying to delete these objects through the Azure AD portal. In these cases, you can use the Azure AD PowerShell module to force the deletion and ensure that the objects are removed from your tenant.

Install-Module MSonline

Install-Module is a cmdlet (command-let) in Windows PowerShell that is used to install a PowerShell module from the PowerShell Gallery. The -Name parameter specifies the name of the module to install.

For example, to install the MSonline module, which provides cmdlets for managing Azure AD and Office 365, you can use the following command:

Install-Module -Name MSonline

This command will download and install the MSonline module from the PowerShell Gallery. You may be prompted to confirm the installation and to trust the publisher of the module.

Once the module is installed, you can use the Import-Module cmdlet to import it into your current PowerShell session:

Import-Module -Name MSonline

You can then use the cmdlets in the MSonline module to manage Azure AD and Office 365, such as Get-MsolUser to get a list of users in your tenant or New-MsolUser to create a new user.

It’s important to note that you must have an internet connection and the necessary permissions to install and use the MSonline module. You may also need to install additional prerequisites, such as the Azure AD PowerShell module, depending on your environment.

Install the module and connect to Azure AD using the commands below:

Install-Module -Name MSonline
$msolcred = Get-Credential

Connect-MsolService -Credential $msolcred

To stop AADConnect sync, use the command below:

Set-MsolDirSyncEnabled -EnableDirSync $false

Once sync is disabled, you can delete user accounts by force. For example, in my lab I have a few users to delete by force, so I use the commands below:

Remove-MsolUser -UserPrincipalName user1@Learninmylab.com -Force
Remove-MsolUser -UserPrincipalName bob@Learninmylab.com -Force
Remove-MsolUser -UserPrincipalName Chris@learninmylab.com -Force
Remove-MsolUser -UserPrincipalName Sync_INHYD-DC01_7b4f13f1d455@Intunedemolab001.onmicrosoft.com -Force
Remove-MsolUser -UserPrincipalName rob@learninmylab.com -Force
Remove-MsolUser -UserPrincipalName SCCMADMIN@Learninmylab.com -Force
Remove-MsolUser -UserPrincipalName AZAdmin@Learninmylab.com -Force

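To remove groups

# Get-MsolGroup returns a group object, so pass its ObjectId property.
# -SearchString can match more than one group; check the result first.
$Group = Get-MsolGroup -SearchString "MyGroup"

Remove-MsolGroup -ObjectId $Group.ObjectId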

Remove Contact from Azure AD

If you have a contact to remove, use Remove-MsolContact.

By using the Azure AD PowerShell module, you can easily and effectively remove Azure AD UPN user objects from your tenant by force. This can be especially helpful if you encounter any issues or errors when trying to delete the objects through the Azure AD portal. Just make sure to double-check your filters and be careful when running the delete commands to avoid accidentally deleting any important user objects.

Understand Remove-MSolUser

Remove-MsolUser is a cmdlet (command-let) in the Azure Active Directory (Azure AD) PowerShell module that is used to delete user objects from Azure AD. This cmdlet can be useful for removing user objects that are no longer needed or that you want to remove for security reasons.

To use Remove-MsolUser, you must first install the Azure AD PowerShell module and connect to your Azure AD tenant. You can then use the cmdlet with the following syntax:

Remove-MsolUser -UserPrincipalName <UPN> [-Force] [-WhatIf] [-Confirm]

The UserPrincipalName parameter specifies the user principal name of the user object you want to delete. The Force parameter forces the deletion of the user object even if there are any dependencies or errors. The WhatIf and Confirm parameters show what would happen if the cmdlet were run without actually deleting the user object.

Remove-MsolUser is a powerful cmdlet that can be used to delete user objects from Azure AD. However, it’s important to be careful when using it to avoid accidentally deleting any important user objects. Make sure to double-check the UserPrincipalName parameter and consider using the WhatIf and Confirm parameters to verify the action before deleting any user objects.
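The three steps in the outline (list, delete one by one, verify) with the dry run recommended above, as an added example that is not code from the original post. The function name Remove-ReviewedMsolUser and the example.com UPNs are hypothetical; it assumes an existing Connect-MsolService session.

```powershell
# Added example, not from the original post. Requires an existing
# Connect-MsolService session. Remove-ReviewedMsolUser is a hypothetical name.
function Remove-ReviewedMsolUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string[]]$UserPrincipalName
    )
    foreach ($upn in $UserPrincipalName) {
        # Step 1: resolve the UPN to an existing object before touching it.
        $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
        if (-not $user) {
            Write-Warning "Not found, skipping: $upn"
            continue
        }
        # Step 2: delete by ObjectId. ShouldProcess makes -WhatIf and -Confirm
        # work on this function, so a dry run never reaches Remove-MsolUser.
        $deleted = $false
        if ($PSCmdlet.ShouldProcess($upn, 'Remove-MsolUser -Force')) {
            Remove-MsolUser -ObjectId $user.ObjectId -Force -ErrorAction Stop
            $deleted = $true
        }
        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            ObjectId          = $user.ObjectId
            LastDirSyncTime   = $user.LastDirSyncTime
            Deleted           = $deleted
        }
    }
}

# Constructed sample input: placeholder UPNs, replace with your reviewed list.
$targets = 'user1@example.com', 'user2@example.com'

# Dry run first: reports what would be removed without deleting anything.
Remove-ReviewedMsolUser -UserPrincipalName $targets -WhatIf

# Real run (prompts per user unless -Confirm:$false is passed).
$result = Remove-ReviewedMsolUser -UserPrincipalName $targets

# Step 3: verify. Deleted users are soft-deleted, so each one should now
# appear in the deleted-users list rather than among active users.
$recycled = Get-MsolUser -ReturnDeletedUsers -All
$result | Where-Object Deleted | ForEach-Object {
    $inBin = $recycled.ObjectId -contains $_.ObjectId
    '{0}: in recycle bin = {1}' -f $_.UserPrincipalName, $inBin
}
```

The output objects double as a change record: keep the ObjectId values, since a soft-deleted user can be restored by ObjectId with Restore-MsolUser while it remains in the recycle bin.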
