Client Side Object Model (CSOM) Permission PowerShell SharePoint SharePoint Online Subsite Users 

SharePoint Online: Remove User from Subsite Permission using PowerShell

Salaudeen Rajack 2 Comments

Requirement: Remove user from a SharePoint Online subsite

How to remove a User from SharePoint Online Subsite?

To remove a user from SharePoint Online subsite,

  1. Remove user from all groups of the site
    sharepoint online powershell to remove user from subsite
  2. Remove user from direct permissions of the site (if any)
    remove user from sharepoint online subsite

But the problem is: We’ve to check each group and direct permissions to remove a user from site. So, let’s remove user permissions in SharePoint Online using PowerShell!

SharePoint Online: Remove User from Subsite Permission using PowerShell

Here is how to remove user permissions in SharePoint Online using PowerShell 

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
  
#Set parameter values
$SiteURL="https://crescent.sharepoint.com/sites/marketing/2018"
$UserID="[email protected]"
 
Try {
    #Get Credentials to connect
    $Cred= Get-Credential
   
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
  
    #Get the web
    $Web=$Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()
 
    #Frame Login Name
    $LoginName = "i:0#.f|membership|"+$UserID
 
    #Get the User to Delete
    $User = $Web.SiteUsers.GetByLoginName($LoginName)
    $Ctx.ExecuteQuery()

    #Remove User from All Groups of the site
    $Ctx.Load($User.Groups)
    $Ctx.ExecuteQuery() 
    ForEach($Group in $User.Groups)
    {
        $Group.Users.RemoveByLoginName($LoginName)
        Write-host -f Yellow "`tRemoved User from the Group:" $Group.Title
    }
    $Ctx.ExecuteQuery()
 
    #Remove the user from direct permissions, if any
    $Ctx.Load($Web.RoleAssignments)
    $ctx.ExecuteQuery()

    ForEach($RoleAssignment in $Web.RoleAssignments)
    { 
        $Ctx.Load($RoleAssignment.Member)
        $Ctx.executeQuery()
 
        #Check direct permissions
        if($RoleAssignment.Member.PrincipalType -eq "User")
        {
            #Is the current user is the user we search for?
            if($RoleAssignment.Member.LoginName -eq $LoginName)
            {
                #Remove User from web Permissions
                $Web.RoleAssignments.GetByPrincipal($User).DeleteObject()
                $Ctx.ExecuteQuery()
                Write-host -f Yellow "`tRemoved User from Direct Permissions of the Web!"
            }
        }
    }

    Write-Host "User: '$UserID' has been Removed from the site Successfully!" -ForegroundColor Green
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

To remove a user from site collection, use: SharePoint Online: Remove User from Site Collection using PowerShell

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

2 thoughts on “SharePoint Online: Remove User from Subsite Permission using PowerShell

  • January 7, 2020 at 1:07 AM

    This was a great script and time saver for me. The only problem i ran in to, is that MFA was in use. After a bit a research,I found out how to use MFA for $Ctx and context so I thought I would share in case anyone else runs in to this same problem.

    Replace Lines 10 – 15 with the below
    #Get Credentials to connect
    Connect-PnPOnline -Url $SiteURL -UseWebLogin

    #Setup the context
    $Ctx = Get-PnPContext

    Thanks for sharing! I’ve learned a good bit by reviewing your samples!

    Reply

Leave a Reply