Removing external user from all SharePoint online sites

I have deleted a external user from our Microsoft 365 tenancy, however this user is still appearing in SharePoint site collection permissions/individual SharePoint site users lists…
Example they appear in -
Does anyone have or know how to use PowerShell to go through all the SharePoint online sites in our tenancy and remove this external users from the sites?
Thank you

I think I’ve seen this is as well. I can’t recall if the account disappeared on its own after the 30 day window (users are typically soft deleted so you can restore them in M365).

To answer your question, you might be able to use a Powershell command such as Remove-SPOUser to remove the entry on a site. An example to remove user jdoe might look something like:

Remove-SPOUser -Site $SiteURL -LoginName

Remove-SPOUser is part of SharePoint Online Module. There’s other modules out there that likely can do it as well (like SharePoint PNP).

They may still show up in other places though just a heads up (like date modified etc.).

Also for what it’s worth - we’ve seen situations where we’ve had to add an account with temporary site collection admin rights to a site, to fix an issue, then remove said account, and often that account still is in the list, just with no permissions. Not sure if that will happen in this case or not, but wanted to mention it.

1 Like

Thank you… but I will need to do some kind of loop/cycle for it to go through all the SharePoint sites in the tenancy to delete from them??
I need to remove them from all the sites, I know that once I delete them from Microsoft/Azure365 they will lose access but we need to remove them from all the individual sharepoint site collection permissions as well for some other reasons. We often have to add users back and this causes issues, due to them already being in the sharepoint site collection permissions using the same email address

yep, so give it a shot! Other than small snippets, we don’t write full solutions for folks here, apologies! I don’t know what your environment looks like at all, so your environment may change the approach there, but ultimately we’re here to help guide folks.

It’s up to you to come up with the actual solution. If your environment was pretty small I’d probably just loop through all the sharepoint sites and try to remove them, and ignore them if they aren’t part of the site. I’d do some googling as there’s a ton of resources out there.

For example, SharePoint Online: Get All Site Collections using PowerShell - SharePoint Diary shows you exactly how you can get all sites in your environment with one module. As environments get large, this gets more difficult.

In any case if the user is deleted you really don’t have much to worry about IMO, as they can’t login via a deleted user account. I get cleaning up is always nice if possible, though.