SharePoint Online: Remove User from Subsite Permission using PowerShell
Requirement: Remove user from a SharePoint Online subsite
How to Remove a User from SharePoint Online Subsite?
To remove a user from SharePoint Online subsite,
SharePoint Online: Remove User from Subsite Permission using PowerShell
Here is how to remove user permissions in SharePoint Online using PowerShell
How to Remove a User from SharePoint Online Subsite?
To remove a user from SharePoint Online subsite,
- Remove user from all groups of the site
- Remove user from direct permissions of the site (if any)
SharePoint Online: Remove User from Subsite Permission using PowerShell
Here is how to remove user permissions in SharePoint Online using PowerShell
#Load SharePoint CSOM Assemblies Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll" Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll" #Set parameter values $SiteURL="https://crescent.sharepoint.com/sites/marketing/2018" $UserID="[email protected]" Try { #Get Credentials to connect $Cred= Get-Credential #Setup the context $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL) $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password) #Get the web $Web=$Ctx.Web $Ctx.Load($Web) $Ctx.ExecuteQuery() #Frame Login Name $LoginName = "i:0#.f|membership|"+$UserID #Get the User to Delete $User = $Web.SiteUsers.GetByLoginName($LoginName) $Ctx.ExecuteQuery() #Remove User from All Groups of the site $Ctx.Load($User.Groups) $Ctx.ExecuteQuery() ForEach($Group in $User.Groups) { $Group.Users.RemoveByLoginName($LoginName) Write-host -f Yellow "`tRemoved User from the Group:" $Group.Title } $Ctx.ExecuteQuery() #Remove the user from direct permissions, if any $Ctx.Load($Web.RoleAssignments) $ctx.ExecuteQuery() ForEach($RoleAssignment in $Web.RoleAssignments) { $Ctx.Load($RoleAssignment.Member) $Ctx.executeQuery() #Check direct permissions if($RoleAssignment.Member.PrincipalType -eq "User") { #Is the current user is the user we search for? if($RoleAssignment.Member.LoginName -eq $LoginName) { #Remove User from web Permissions $Web.RoleAssignments.GetByPrincipal($User).DeleteObject() $Ctx.ExecuteQuery() Write-host -f Yellow "`tRemoved User from Direct Permissions of the Web!" } } } Write-Host "User: '$UserID' has been Removed from the site Successfully!" -ForegroundColor Green } Catch { write-host -f Red "Error:" $_.Exception.Message }To remove a user from site collection, use: SharePoint Online: Remove User from Site Collection using PowerShell
This was a great script and time saver for me. The only problem i ran in to, is that MFA was in use. After a bit a research,I found out how to use MFA for $Ctx and context so I thought I would share in case anyone else runs in to this same problem.
ReplyDeleteReplace Lines 10 - 15 with the below
#Get Credentials to connect
Connect-PnPOnline -Url $SiteURL -UseWebLogin
#Setup the context
$Ctx = Get-PnPContext
Thanks for sharing! I've learned a good bit by reviewing your samples!
Hi Chris,
DeleteYou can refer this post for MFA: Connect to SharePoint Online using PowerShell with Multi-factor Authentication (MFA)