SharePoint Online: Remove User from All Groups in a Site using PowerShell
Requirement: Remove a user from all groups in a SharePoint Online Site Collection.
SharePoint Online: PowerShell to Remove User from All Groups
While managing users and their permissions in SharePoint Online can be done through the user interface, it can become tedious and time-consuming for administrators when dealing with large numbers of users and groups. Fortunately, administrators can use PowerShell scripts to automate the process and quickly make bulk changes to user permissions. In this tutorial, we will show you how to remove a user from all groups in a SharePoint Online site using PowerShell. This can come in handy when an employee leaves the company or changes departments, and you need to quickly revoke their access to sensitive information.
This PowerShell script gets all groups of the given user and removes them from the groups.
#Set Parameters
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$UserLoginID = "i:0#.f|membership|salaudeen@crescent.com"
#Connect to SharePoint Online
Connect-SPOService -Url $AdminCenterURL -credential (Get-Credential)
#Get All Groups of the User
$UserGroups = Get-SPOUser -LoginName $UserLoginID -Site $SiteURL | Select -ExpandProperty Groups
#Remove User from all Groups
$UserGroups | ForEach-Object { Remove-SPOUser -Group $_ -Site $SiteUrl -LoginName $UserLoginID}
Run this script in SharePoint Online Management Shell. This will remove the user from any groups they were added to, including members of the site’s Owners group (Not the site collection admin, though!). If you need to remove a user from a SharePoint Online group, you can refer to How to Remove a User from Group in SharePoint Online using PowerShell?
Remove User from All Groups using PowerShell CSOM
Site administrators can use this CSOM PowerShell to manage site users and groups. Let me show you how to remove a user from all groups in a given SharePoint Online site using PowerShell.
#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Function to remove all users from a group
Function Remove-UserFromAllGroups()
{
param
(
[Parameter(Mandatory=$true)] [string] $SiteURL,
[Parameter(Mandatory=$true)] [string] $UserID
)
Try {
$Cred= Get-Credential
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
#Get all Groups from the site
$Groups=$Ctx.web.SiteGroups
$Ctx.Load($Groups)
$Ctx.ExecuteQuery()
#Iterate through Each Group
Foreach($Group in $Groups)
{
#Get all users from the group
$Ctx.Load($Group.Users)
$Ctx.ExecuteQuery()
ForEach($User in $Group.Users)
{
If($User.LoginName -eq $UserID)
{
$Group.Users.RemoveByLoginName($User.LoginName)
Write-host "User Removed from Group:"$Group.Title -ForegroundColor Green
}
}
$Ctx.ExecuteQuery()
}
}
Catch {
write-host -f Red "Error Removing All Users from Group!" $_.Exception.Message
}
}
#Set parameter values
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$UserID= "i:0#.f|membership|salaudeen@crescent.com"
#Call the function to remove user from all groups
Remove-UserFromAllGroups -SiteURL $SiteURL -UserID $UserID
PnP PowerShell to Remove a User from All Groups in a Site
SharePoint Online administrators can use PowerShell to remove a user from all groups in a site quickly. In just a few lines of script, you can have the user removed from all groups and then deleted from the site. This can be helpful if you need to quickly remove a user from all groups for security reasons or other reasons.
If you need to quickly remove someone from all the groups they’re a part of in a site, Here is the handy PnP PowerShell script:
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$UserLoginID = "i:0#.f|membership|salaudeen@crescent.com"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
#Get All Groups of the User
$UserGroups = Get-PnPUser -Identity $UserLoginID | Select -ExpandProperty Groups | Where {$_.Title -notmatch "Limited Access*"}
#Remove User from all Groups
$UserGroups | ForEach-Object { Remove-PnPGroupMember -LoginName $UserLoginID -Identity $_.Title }
Other than Group permissions, users may have direct permissions to objects in the sites. If you want to remove a user altogether from the site collection, use: How to Remove a User from SharePoint Online Site Collection using PowerShell?
Conclusion
By using PowerShell scripts, administrators can streamline the process of managing users and permissions in SharePoint Online. Removing a user from all groups on a site can be done quickly and efficiently, saving time and reducing the risk of manual errors. Whether you are dealing with one user or multiple users, this process can be automated to make bulk changes in a matter of minutes.
In conclusion, using PowerShell to remove a user from all groups in a SharePoint Online site is an effective and efficient way to manage user permissions. With a few simple steps, administrators can easily keep their SharePoint environment secure and ensure that only authorized users have access to sensitive information.
