SharePoint Online: Remove User from Subsite Permission using PowerShell
Requirement: Remove a user from a SharePoint Online subsite
How to remove a user from a SharePoint Online subsite?
To remove a user from SharePoint Online subsite,
But the problem is that we have to check each group and the direct permissions to remove a user from the site. So, let's remove user permissions in SharePoint Online using PowerShell!
SharePoint Online: Remove User from Subsite Permission using PowerShell
Here is how to remove user permissions in SharePoint Online using PowerShell:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Set parameter values
$SiteURL="https://crescent.sharepoint.com/sites/marketing/2018"
$UserID="[email protected]"
Try {
    #Get Credentials to connect
    $Cred = Get-Credential
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
    #Get the web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()
    #Frame Login Name
    $LoginName = "i:0#.f|membership|"+$UserID
    #Get the User to Delete
    $User = $Web.SiteUsers.GetByLoginName($LoginName)
    $Ctx.ExecuteQuery()
    #Remove the user from every SharePoint group they belong to.
    #Groups are scoped to the site collection, so this also affects other sites that use the same groups.
    $Ctx.Load($User.Groups)
    $Ctx.ExecuteQuery()
    ForEach($Group in $User.Groups)
    {
        $Group.Users.RemoveByLoginName($LoginName)
        Write-Host -f Yellow "`tRemoved User from the Group:" $Group.Title
    }
    $Ctx.ExecuteQuery()
    #Remove the user from direct permissions, if any
    $Ctx.Load($Web.RoleAssignments)
    $Ctx.ExecuteQuery()
    ForEach($RoleAssignment in $Web.RoleAssignments)
    {
        $Ctx.Load($RoleAssignment.Member)
        $Ctx.ExecuteQuery()
        #Check direct permissions
        if($RoleAssignment.Member.PrincipalType -eq "User")
        {
            #Does this role assignment belong to the user we are looking for?
            if($RoleAssignment.Member.LoginName -eq $LoginName)
            {
                #Remove User from web Permissions
                $Web.RoleAssignments.GetByPrincipal($User).DeleteObject()
                $Ctx.ExecuteQuery()
                Write-Host -f Yellow "`tRemoved User from Direct Permissions of the Web!"
            }
        }
    }
    Write-Host "User: '$UserID' has been Removed from the site Successfully!" -ForegroundColor Green
}
Catch {
    Write-Host -f Red "Error:" $_.Exception.Message
}
To remove a user from a site collection, use: SharePoint Online: Remove User from Site Collection using PowerShell
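To confirm the removal took effect, the check below (an added example, not code from the original post) asks SharePoint for the user's effective permissions on the subsite and on every list that has its own permissions, which goes beyond the web-level groups and role assignments the script handles. It assumes it runs in the same session after the script, reusing its $Ctx and $LoginName; Get-RemainingAccess is a hypothetical function name.

```powershell
# Added example, not part of the original script. Run it in the same session,
# after the removal script, so the CSOM assemblies, $Ctx and $LoginName exist.
# Get-RemainingAccess is a hypothetical helper name.
Function Get-RemainingAccess {
    param($Ctx, [string]$LoginName)

    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Web.Retrieve("HasUniqueRoleAssignments")
    $Ctx.Load($Web.Lists)
    $Ctx.ExecuteQuery()

    # Find lists and libraries that no longer inherit from the web (one batched request)
    ForEach ($List in $Web.Lists) { $List.Retrieve("HasUniqueRoleAssignments") }
    $Ctx.ExecuteQuery()

    # Queue an effective-permission lookup for the web and for each uniquely secured list
    $Open = [Microsoft.SharePoint.Client.PermissionKind]::Open
    $View = [Microsoft.SharePoint.Client.PermissionKind]::ViewListItems
    $Checks = @()
    $Checks += [PSCustomObject]@{ Scope = "Web"; Title = $Web.Title; Kind = $Open
                                  Result = $Web.GetUserEffectivePermissions($LoginName) }
    ForEach ($List in $Web.Lists) {
        If ($List.HasUniqueRoleAssignments) {
            $Checks += [PSCustomObject]@{ Scope = "List"; Title = $List.Title; Kind = $View
                                          Result = $List.GetUserEffectivePermissions($LoginName) }
        }
    }
    $Ctx.ExecuteQuery()

    If (-not $Web.HasUniqueRoleAssignments) {
        Write-Warning "This web inherits permissions; access is granted on the parent web."
    }
    # Emit only the scopes where the user can still get in
    $Checks | Where-Object { $_.Result.Value.Has($_.Kind) } | Select-Object Scope, Title
}

$Remaining = @(Get-RemainingAccess -Ctx $Ctx -LoginName $LoginName)
If ($Remaining.Count -eq 0) { Write-Host -f Green "No remaining web or list access for $LoginName" }
Else { $Remaining | Format-Table -AutoSize }
```

Folders and items with unique permissions are not covered by this check.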
This was a great script and time saver for me. The only problem I ran into is that MFA was in use. After a bit of research, I found out how to use MFA for $Ctx and context, so I thought I would share in case anyone else runs into this same problem.
Replace Lines 10 – 15 with the below
#Get Credentials to connect
Connect-PnPOnline -Url $SiteURL -Interactive
#Setup the context
$Ctx = Get-PnPContext
Thanks for sharing! I’ve learned a good bit by reviewing your samples!
Hi Chris,
You can refer to this post for MFA: Connect to SharePoint Online using PowerShell with Multi-factor Authentication (MFA)