While migrating from Exchange to Office 365 I ended up creating, deleting and recreating a lot of user accounts. When you delete an user account from Office 365 it is not deleted immediately, but rather suspended. This is nice, because it means you can recover if deleted by mistake. After 30 days the user accounts are automatically permanently deleted.
Removing and recreating a user account sometimes seems to create problems, so I decided to find out how to permanently remove deleted user accounts manually. This post describes how this can be done using PowerShell and the Azure Active Directory (AD) Module. The Azure AD Module for Windows PowerShell let’s you perform AD administrative tasks such as user management, domain management and configuring single sign-on.
At the end of the post there is a set of references that I used.
This section describes the necessary steps how to install Azure AD Module and other cmdlets to be able to work with Office 365 from PowerShell.
Install Microsoft Online Services Sign-In Assistant for IT Professionals RTW
- First install Microsoft Online Services Sign-In Assistant for IT Professionals RTW from the Microsoft Download Center. The Microsoft Online Services Sign-In Assistant (MOS SIA) provides end user sign-in capabilities to Microsoft Online Services, such as Office 365. The MOS SIA installs client components that allow common applications, such as Microsoft Outlook and Lync, to authenticate to Microsoft Online Services. The MOS SIA can also provide an improved sign-in experience, such that end users can access Microsoft Online Services without having to re-enter their credentials (such as a user name or password).
Install Azure Active Directory Module for Windows PowerShell (64-bit version)
- Download the Azure Active Directory Module for Windows PowerShell (64-bit version) and click Run to run the installer package.
- Start PowerShell as administrator. And yes, you absolutely must run Windows PowerShell as an administrator. If you do not, you will get an error message.
- Verify that the Azure Active Directory Module for Windows PowerShell (64-bit version) has been installed correctly by running the following command from PowerShell:
- Verify that PowerShell is configured to run scripts by executing the command:
- The execution policy must be set to Unrestricted or RemoteSigned. If it is set to anything else you need to change the execution policy, set it to RemoteSigned with the following command:
Permanently remove deleted accounts from Office 365
Okay with the prerequisites out of the way it is time to get down and dirty with PowerShell and permanently remove those pesky deleted accounts from Office 365.
Create a variable to hold your Office 365 credentials. After the command is executed a dialog box will be displayed. Type your Office 365 user name in the User name field, using the format [email protected] (e.g. <user>@<account>.onmicrosoft.com), then type your Office 365 password in the Password field and click OK. Please note that the Office 365 user must have administrator privileges.
$credential = Get-Credential
To view the credential run the following command.
Keep in mind that the Get-Credential cmdlet only creates the credentials object; it does not authenticate you or otherwise verify that the user name and password supplied are correct. You will only know whether you have created a valid credentials object once you actually use the object to connect to Office 365. Execute the following commands to connect to Office 365.
Import-Module MsOnline Connect-MsolService -Credential $credential
If you are connected to Office 365 successfully the command prompt will return, otherwise an error message will be displayed. Run the following command to confirm you are connected to Office 365. The command will return one or more domains managed by Office 365.
Return a list of user accounts that have been deleted using the following command.
Return a list of user accounts that have been deleted with their unique object id using the following command.
Get-MsolUser -ReturnDeletedUsers | Format-List -property UserPrincipalName, ObjectID
Permanently remove a delete a single user account with the following command.
Remove-MsolUser -ObjectID <ObjectiD> -RemoveFromRecyclebin
Permanently remove all deleted user accounts with a single command. Take note that there is no way to undo this action, so think before you act!
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecyclebin