This post discusses about the steps that are supposed to be followed to remove an external user from SharePoint Online (Office 365). An external user is one who’s not a part of your domain (meaning his/her user account won’t be present in your on-premises Active Directory which later got synced with Azure AD nor would be present on Azure AD alone). To be more elaborative…An external user is someone outside your organization (i.e. domain) who can access your SharePoint Online sites and documents but does not have a proper license assigned to him to access SharePoint Online or any other Microsoft Office 365 services. These so called “External users” are not employees, contractors, or onsite agents for you or your affiliates.
External users inherit the use rights of the SharePoint Online customer who is inviting them to collaborate. For example, if an organization purchases an E3/E5 Enterprise plan, and builds a site that uses enterprise features, the external user is granted rights to use and/or view the enterprise features within the site they are invited to. While external users can be invited as extended project members to perform a full range of actions on a site, they will not have the exact same capabilities as a full, paid, licensed member within your organization.
So let’s take a look at the steps to remove an external user using SharePoint Online Management Shell…
Note: Before proceeding further, make sure you have installed and configured SharePoint Online management shell in your PC. I’ve created a post on that and please check this link to access that.
- Start the SharePoint Online Management Shell.
- Type the following cmdlet:
$credential = Get-Credential
Once you enter this cmdlet you would get a windows dialog box asking for your Office 365 credentials, please enter your credentials and then validate it by using the $credential cmdlet . This will return the UPN with which you signed in.
3. Once done, run the below mentioned cmdlet to connect to your SharePoint Online tenant.
Connect-SPOService -Url https://365vignesh-admin.sharepoint.com -Credential (Get-Credential)
- Get the external user’s information (i.e. the one whom you want to remove) by running the below mentioned cmdlet.
$user = Get-SPOExternalUser -Filter firstname.lastname@example.org #Provide the email address of the user
5. Now once you have retrieved the external user’s information run the below mentioned cmdlet to remove the user as shown below
Remove-SPOExternalUser -UniqueIDs @($user.UniqueId)
Click Y to confirm to remove user as shown in the screen-shot below.
6. Once done, in order to remove the user from all the SharePoint Online site collections you need to run the below mentioned cmdlet. Please note that this command has to be ran for all the site collections where the user has been granted access to.
Here the login name is what you get when you search for this user on “Manage user profiles” section in SharePoint admin center.
7. Now remove the external user using the below mentioned cmdlet.
8. You can verify whether the user has been removed successfully by running the “Get-SPOUser” that we ran in the previous step and it should return an error stating that the user cannot be found. This confirms that the user has been removed successfully.
9. Now in addition to all the above mentioned steps you need to remove the user from the UserInfo list as well so that the user doesn’t show up in the people picker field when you search for that user. For that go to the site collection URL in question and edit the URL by adding the following string to the end of it.
For example if the site collection name is https://<vignesh>.sharepoint.com then this is how you need to edit the URL by adding the string.
10. Finally, once the user has been removed from SharePoint Online as well as the site collection in question, the external user’s profile will still show up under “Manage user profiles” section in SharePoint admin center. This is quite normal and please wait for SharePoint Online to remove the user’s profile from the SharePoint admin center. This task will take couple of hours and hence please check the status of that user’s account in SharePoint Online admin center after few hours .You would notice that the user’s profile has been removed successfully.
11. Once you have confirmed that the user’s account has been removed successfully, you need to clear the browser cache. Please note that SharePoint Online uses browser caching in several scenarios, including the People Picker. Even though a user was fully removed from the system, he or she may still remain in the browser cache. Clearing the browser cache should resolve this issue
Thanks for reading this post ….Happy SharePointing!!!