SharePoint Online: How to Remove External Users using PowerShell?
Requirement: Remove external users from SharePoint Online.
How to Remove an External User from SharePoint Online?
External users are people who are not part of your organization and have been invited to collaborate on a site or document (such as partners, vendors, etc.). If you are managing SharePoint Online, there may be times when you need to remove an external user, for example when the user is no longer needed or has left the company. This blog post will show you how to remove external users from your SharePoint Online site using PowerShell.
To remove an external user from SharePoint Online, we must delete the external user permissions from the site and then delete their profile from the SharePoint Online tenant.
Step 1: Delete External user from SharePoint Online Site Collection:
After updating the parameters, run this cmdlet to get all external users of the site collection.
#Parameters
$AdminSiteURL="https://Crescent-admin.sharepoint.com"
#Connect to SharePoint Online Tenant Admin
Connect-SPOService -URL $AdminSiteURL -Credential (Get-Credential)
$SiteUrl = "https://crescent.sharepoint.com"
Get-SPOUser -Limit All -Site $SiteURL | Where {$_.LoginName -like "*#ext#*" -or $_.LoginName -like "*urn:spo:guest*"}
Make a note of the Login Names returned.
Remove External User using PowerShell
Get the external users listed above and run the Remove-SPOUser cmdlet to remove the external user from the SharePoint Online site collection.
$ExternalUserID= "salaudeen_hotmail.com#ext#@crescent.com"
Remove-SPOUser -Site $SiteURL -LoginName $ExternalUserID
This script revokes access for an external user. You can delete an external user with the below method as well.
Delete External user from SharePoint Online Site Collection
You can also remove an external user in the SharePoint Online site collection from the web browser interface by following these steps:
- Go to Site Settings >> People and Groups. Now the URL should look like https://YourCompany.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=XX. Change the XX to “0” and hit Enter (https://YourCompany.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=0)
- Select the checkbox next to the user and click Actions >> Delete Users from Site Collection
- Confirm the prompt once to remove the external user from SharePoint Online.
This removes the external user from the particular site collection.
Step 2: Remove External User from SharePoint Online Tenant
Use the Remove-SPOExternalUser cmdlet in SharePoint Online to remove external users using PowerShell. To use this cmdlet, you’ll need the unique ID of the external user.
#Import SharePoint Online Management Shell
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking
#Config Parameters
$AdminSiteURL="https://Crescent-admin.sharepoint.com"
#Get Credentials to connect
$Cred = Get-Credential
#Connect to SharePoint Online Tenant Admin
Connect-SPOService -URL $AdminSiteURL -Credential $Cred
$ExternalUserEmail = "external.user@example.com" #Placeholder: email address of the external user to remove
#Get the ID of the External User
$ExternalUser = Get-SPOExternalUser -filter $ExternalUserEmail
#remove external user from sharepoint online powershell
Remove-SPOExternalUser -UniqueIDs @($ExternalUser.UniqueId) -Confirm:$false
This removes the given user profile from the SharePoint Online tenant.
PnP PowerShell to Delete External Users
We can also delete external users from the SharePoint Online tenant using the Remove-PnPExternalUser cmdlet.
#Parameters
$TenantAdminURL = "https://crescent-admin.SharePoint.com"
$ExternalUserEmail = "external.user@example.com" #Placeholder: email address of the external user to remove
#Connect to Admin Center
Connect-PnPOnline -Url $TenantAdminURL -Interactive
#Get the External User
$User = Get-PnPExternalUser -Filter $ExternalUserEmail
If($User -ne $Null)
{
    #Remove External User
    Remove-PnPExternalUser -UniqueIDs @($User.UniqueId)
    Write-host "User '$ExternalUserEmail' Removed Successfully!" -f Green
}
Else
{
    Write-host "User '$ExternalUserEmail' Not Found!" -f Yellow
}
This removes the external user from the SharePoint Online tenant. However, it leaves the “User Information List” intact, so we’ll have to use the Get-SPOUser and Remove-SPOUser cmdlets to delete the external user completely.
PowerShell to Delete All External Users in SharePoint Online:
How about deleting all external users in all site collections after you have disabled external sharing at the tenant level? To remove an external user from SharePoint Online, we have to delete them at both the site collection permission level and the SharePoint Online tenant level.
#Import SharePoint Online Management Shell
Import-Module Microsoft.Online.Sharepoint.PowerShell -DisableNameChecking
#Config Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com"
#Connect to SharePoint Online Tenant Admin
Connect-SPOService -URL $AdminSiteURL
#Get all Site Collections - Exclude: Search Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-SPOSite -Limit ALL | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
#Iterate through each site collection
ForEach($Site in $SiteCollections)
{
    Write-host -f Yellow "Checking Site Collection:"$Site.URL
    #Get All External users of the site collection
    $ExternalUsers = Get-SPOUser -Limit All -Site $Site.URL | Where {$_.LoginName -like "*#ext#*" -or $_.LoginName -like "*urn:spo:guest*"}
    #Loop through each User and remove them from site collection
    ForEach($ExtUser in $ExternalUsers)
    {
        #Remove the user from the site collection
        Remove-SPOUser -Site $Site.URL -LoginName $ExtUser.LoginName
        Write-host -f Green "`tExternal User $($ExtUser.LoginName) has been removed from site collection"
    }
}
#Remove All External Users at Tenant Level
$TenantExternalUsers = @()
#Get All External Users at Tenant Level, 50 per page; the loop exits through the catch block once Get-SPOExternalUser raises an error
Try {
    For ($x=0;;$x+=50) {
        $TenantExternalUsers += Get-SPOExternalUser -Position $x -PageSize 50 -ErrorAction Stop
    }
}
catch {}
$TenantExternalUsers | ForEach-Object {
    #Use the current pipeline object ($_), not the $ExtUser variable left over from the site loop
    Remove-SPOExternalUser -UniqueIDs @($_.UniqueId) -Confirm:$false
    Write-host -f Green "External User $($_.Email) has been removed from the tenant!"
}
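Because the bulk script above removes every matching account without a review step, the following added example (not part of the original post) builds a removal plan first, using the same two LoginName patterns, so the list can be checked and exported before Remove-SPOUser is called. The function name `Get-ExternalUserRemovalPlan`, the `SiteUrl` property and the `$KeepLoginNames` allow-list are hypothetical, and the sample users are constructed.

```powershell
# Added example (not from the original post). Builds a removal plan from
# Get-SPOUser-style objects so the list can be reviewed before Remove-SPOUser runs.
function Get-ExternalUserRemovalPlan {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $SiteUsers,  # needs SiteUrl, LoginName, DisplayName
        [string[]] $KeepLoginNames = @()               # hypothetical allow-list of guests to retain
    )
    foreach ($User in $SiteUsers) {
        # Same two LoginName patterns the post uses to recognize external accounts
        $IsExternal = $User.LoginName -like '*#ext#*' -or $User.LoginName -like '*urn:spo:guest*'
        if (-not $IsExternal) { continue }
        [PSCustomObject]@{
            SiteUrl     = $User.SiteUrl
            LoginName   = $User.LoginName
            DisplayName = $User.DisplayName
            Action      = if ($KeepLoginNames -contains $User.LoginName) { 'Keep' } else { 'Remove' }
        }
    }
}

# Constructed sample input. Against a live tenant, build it inside the site loop with:
#   Get-SPOUser -Limit All -Site $Site.URL |
#     Select-Object @{n='SiteUrl';e={$Site.URL}}, LoginName, DisplayName
$SampleUsers = @(
    [PSCustomObject]@{ SiteUrl = 'https://crescent.sharepoint.com'
                       LoginName = 'salaudeen_hotmail.com#ext#@crescent.com'
                       DisplayName = 'Constructed External A' }
    [PSCustomObject]@{ SiteUrl = 'https://crescent.sharepoint.com'
                       LoginName = 'urn:spo:guest#vendor@example.com'
                       DisplayName = 'Constructed Guest B' }
    [PSCustomObject]@{ SiteUrl = 'https://crescent.sharepoint.com'
                       LoginName = 'i:0#.f|membership|admin@crescent.com'
                       DisplayName = 'Constructed Internal C' }
)

$Plan = Get-ExternalUserRemovalPlan -SiteUsers $SampleUsers `
            -KeepLoginNames 'urn:spo:guest#vendor@example.com'
$Plan | Sort-Object SiteUrl, LoginName | Format-Table -AutoSize
$Plan | Export-Csv -Path .\ExternalUserRemovalPlan.csv -NoTypeInformation  # record of what was planned

# After review, only the 'Remove' rows go to the cmdlet the post uses:
#   $Plan | Where-Object Action -eq 'Remove' |
#     ForEach-Object { Remove-SPOUser -Site $_.SiteUrl -LoginName $_.LoginName }
```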
Please note: You may have to clear the browser cache if you can still find the removed external users in places like People Picker! And don’t forget to remove them from Azure AD if they are explicitly invited!
If you want to turn off external sharing in SharePoint Online, refer to How to Disable External Sharing in SharePoint Online?