Note: A newer version of this article is available. The cmdlets below will be deprecated in March 2024. See the newer version for details about how to remove Azure AD user accounts using the Microsoft Graph PowerShell SDK.

When you delete a user from the Office 365 control panel they are moved into a recycle bin for 30 days so that they can be recovered easily if the deletion was not intended.

However, if you want to permanently remove a deleted user in Office 365 you can use PowerShell. For this task you will need the Azure Active Directory for PowerShell module installed on your computer.

First, connect to your Azure Active Directory by running Connect-MsolService and entering your admin credentials in the dialog box that appears.

Caution: do not proceed unless you are completely sure that you want to permanently remove the users.

PS C:Scripts> Connect-MsolService

To see a list of the deleted users run Get-MsolUser with the -ReturnDeletedUsers switch.

PS C:Scripts> Get-MsolUser -ReturnDeletedUsers
office-365-remove-deleted-users

You can remove a specific deleted user with Remove-MsolUser and the -RemoveFromRecycleBin switch.

PS C:Scripts> Remove-MsolUser -UserPrincipalName Lynn@office365bootcamp.com -RemoveFromRecycleBin

Confirm
Continue with this operation?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y

To remove all deleted users you can pipe the Get-MsolUser output to Remove-MsolUser and add the -Force switch to avoid being prompted for each removal.

Caution: be very careful here not to accidentally delete all users from your Azure Active Directory.

PS C:Scripts> Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

Cybersecurity Risk Management for Active Directory

Discover how to prevent and recover from AD attacks through these Cybersecurity Risk Management Solutions.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Bill

    since msol commands are going away what would be the Graph equivalent?

  2. Lara says

    Great work!

    I have a doubt. What will be the Command to be run, in order to view the list of permanently removed Deleted users??

    please help, I’m a Newbie

  3. Dave Hansen

    Seems like a lot of instructions start with step 2.

    O.k. I’m a newbie to powershell. What does “For this task you will need the Azure Active Directory for PowerShell module installed on your computer.” entail? Seems like that should be step one. “You should already know how to do that.” – You got me. I don’t.
    The link took me to the Microsoft documentation site – I searched for “Azure Active Directory for PowerShell” but nothing with similar sounding name came up.
    Seems like a lot of instructions tend to start with step 2.

    1. Kamen

      Hello Dave,

      Maybe you don’t need help anymore but it might help someone else. You can just try by opening one Windows PowerShell window on your computer. Make sure to open it as administrator. Then type in Install-Module MSOnline. This will install the module and then you will be able to run the command Connect-MsolService and follow the rest of the steps. More info here https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-msonlinev1?view=azureadps-1.0.

    2. Freek

      For you to be able to connect to Azure with powershell you need to install a powershell module. This is an add in that you can install by following this guide: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-msonlinev1?view=azureadps-1.0

      After installing the module, you can connect to Azure by using the Connect-MsolService command. This will prompt you for your office365 admin credentials. After entering your username and password your powershell session should connect to Azure/office365/exchange online and you will be able do the rest of the guide.

  4. Nigel B

    Fab instructions worked a treat, thanks

  5. Victor Max

    Used the -RemoveFromRecycleBin to remove a user, but all data gone! after a day or two we wanted to restore the deleted user onedrive but this can’t be done according to MS Support employee.

    Does anyone know if this is ossibel to restore?

    1. Nick

      You can’t restore this if you performed this command, if you delete the user from ” Deleted Users” with this powershell command, the account will permanently deleted and cannot be recovered.

      This is the reason why users stay in de “Deleted users” for 30 days, after that these accounts and data will also be permanently deleted.

  6. Clemens

    Great article, thank you very much!

  7. Goran

    This was excellent solution while there was the command get-msoluser.

    Now they removed it with the new EOL PowerShell module.
    I can’t figure out how to do it with the get-mailbox command.

    Please update this article and enlighten us how to remove permanently the deleted mailboxes.

    Thanks.

    1. Jon H

      install-module AzureAD
      install-module AzureADPreview
      install-module MSOnline

      THEN run the msol commands

  8. Ismail

    Thank you very much for this article.
    It was worked excellently.

  9. Syed Ajmal

    Use below script to delete mailboxes in bulk. Input Csv file with only one field “UPN”.

    $users = import-csv .\DeleteMsolUser.csv -delimiter “,”
    foreach ($user in $users)
    {
    $upn=$user.UPN
    Remove-MsolUser -UserPrincipalName $upn -Force
    Remove-MsolUser -UserPrincipalName $upn -RemoveFromRecycleBin -Force
    }

  10. ted

    can this be done in the SharePoint online management shell?

  11. Kyle Reyes

    Great article, thank you so much! We had a few issues working out how to remove the users that were persistent in the “Recycling Bin”, but we ended up using the following which successfully returned/removed all users found without any issues.

    Get-MsolUser -ReturnDeletedUsers -All | Where-Object { $_.ObjectId -ne $null } | ForEach-Object { Remove-MsolUser -ObjectId $_.ObjectId -RemoveFromRecycleBin -Force }

    Thanks again for the article!

    -Kyle

    1. KayVee

      Now that’s a script with balls 🙂 Nice job!

  12. Josh Ferguson

    Fantastic work as always!

    Btw, your link is dead for the “Azure Active Directory for PowerShell module”. The steps that worked for me:

    1. Install the 64-bit version of the Microsoft Online Services Sign-in Assistant: https://go.microsoft.com/fwlink/p/?LinkId=286152

    2. Install the Microsoft Azure Active Directory Module by opening Powershell and typing Install-Module MSOnline

    Keep up the GREAT work!

  13. Ricky M

    Awesome Article!!

    Was exactly what I was looking for.

    Keep up the great work!

  14. Rune U

    Just what I needed.
    Thanks.

  15. Nikki

    Very nicely put together! Thanks for the guide.

  16. sreejith

    I have a tenant admin account, which has got many domains created. users are created for each domain.

    I need to delete users of a particular domain.(when tenant admin has got many domains to manage) using powershell scripts. Could you please help me regarding this one.

    1. Bjorn Bjornsson

      you could come up with something with a little of Google’s help:
      https://technet.microsoft.com/en-us/library/dn705745.aspx

      Get-MsolPartnerContract -DomainName TENANT.onmicrosoft.com

      get-msoluser -all -tenantid “TENANT-ID” -returndeletedusers | Remove-msoluser -removefromrecyclebin -force

      I post this with no responsibilty what so ever… You should try this in a test environment first!

      hope this helps you to get on the right track 🙂
      cheers.

      1. Bjorn Bjornsson

        sorry you need the tenant id again in the remove command:

        get-msoluser -all -tenantid “TENANT-ID” -returndeletedusers | Remove-msoluser -tenantid “TENANT-ID” -removefromrecyclebin -force

        1. Stanislav

          Tried this today (was logged on as a reseller, tried to purge some client’s deleted users) – did not work. It turned out that you must be logged in as an account global admin to be able to delete users.

        2. Stanislav

          Sorry, just noticed the second part must have tenant ID as well. I tried this:

          get-msoluser -all -tenantid “TENANT-ID” -returndeletedusers | Remove-msoluser -tenantid -removefromrecyclebin -force

          and it did not work, so I probably had to run it like this:

          get-msoluser -all -tenantid “TENANT-ID” -returndeletedusers | Remove-msoluser -tenantid “TENANT-ID” -removefromrecyclebin -force

  17. Peter

    Appreciate your well put together article – very helpful

  18. Kapil K

    Great article Paul, Thanks for sharing…..

  19. Rob Potter

    Paul – great article.

    What is the impact on the user’s OneDrive, email inbox and any content that they’ve created in SharePoint? I’ve seen conflicting reports about grace periods for those, perhaps it’s changed over the last few years.

    1. Eddie O

      Looking for answer on this as well.

      1. Sean

        They are all gone after removing from recycling bin. If you recreate them its like creating a new AD account it wont link back with the old profiles due to GUID changes.

        I have heard if you have the weight and maybe wallet its possible Microsoft can get it back for you. For legal reasons and so on this sounds plausible.
        However you are trying to permanently delete them for a reason.
        I maybe wrong in the future, if they bring in a 3rd safety net.

        1. Jason Hill

          I just removed the user from AD OU and did a sync, thus deleting the user. Ran the powershell commands to empty the recycle bin. Added user back into the OU. Ran other sync. User appeared back in portal unlicensed. Licensed user. Mailbox still there. All 50GB of it. It’s like the Herps.

          1. Jason Hill

            Did it again and waited like an hour. All good.

  20. Freddie

    Easy article, worked perfectly, thanks.

Leave a Reply