SharePoint Online: Remove User from All Groups in a Site using PowerShell

Requirement: Remove user from all groups in a SharePoint Online Site Collection

PowerShell to Remove User from All Groups in a SharePoint Online Site

SharePoint Online: PowerShell to Remove User from All Groups

SharePoint Online administrators can use PowerShell to remove a user from all groups in a site quickly. In just a few lines of script, you can have the user removed from all groups and then deleted from the site. This can be helpful if you need to quickly remove a user from all groups for security reasons or other reasons. Let’s take a look at how this is done.

This PowerShell script gets all groups of the given user and removes them from the groups.

#Set Parameters
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$SiteUrl = "https://crescent.sharepoint.com/sites/marketing"
$UserLoginID = "i:0#.f|membership|[email protected]"

#Connect to SharePoint Online
Connect-SPOService -Url $AdminCenterURL -credential (Get-Credential)

#Get All Groups of the User
$UserGroups = Get-SPOUser -LoginName $UserLoginID -Site $SiteURL | Select -ExpandProperty Groups

#Remove User from all Groups
$UserGroups | ForEach-Object { Remove-SPOUser -Group $_ -Site $SiteUrl -LoginName $UserLoginID}

Run this script in SharePoint Online Management Shell. This will remove the user from any groups they were added to, including members of the site’s Owners group (Not the site collection admin, though!). If you need to remove a user from a SharePoint Online group, you can refer to How to Remove a User from Group in SharePoint Online using PowerShell?

Remove User from All Groups using PowerShell CSOM

Site administrators can use this CSOM PowerShell to manage site users and groups. Let me show you how to remove a user from all groups in a given SharePoint Online site using PowerShell.

#Load SharePoint Online Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Function to remove all users from a group
Function Remove-UserFromAllGroups()
{
  param
    (
        [Parameter(Mandatory=$true)] [string] $SiteURL,
        [Parameter(Mandatory=$true)] [string] $UserID
    )
   Try {
        $Cred= Get-Credential
  
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
          
        #Get all Groups from the site
        $Groups=$Ctx.web.SiteGroups
        $Ctx.Load($Groups)
        $Ctx.ExecuteQuery()

        #Iterate through Each Group
        Foreach($Group in $Groups)
        {
            #Get all users from the group
            $Ctx.Load($Group.Users)
            $Ctx.ExecuteQuery()

            ForEach($User in $Group.Users)
            {
                If($User.LoginName -eq $UserID)
                {
                    $Group.Users.RemoveByLoginName($User.LoginName)
                    Write-host "User Removed from Group:"$Group.Title  -ForegroundColor Green        
                }
            }
            $Ctx.ExecuteQuery()
        }        
    }
    Catch {
        write-host -f Red "Error Removing All Users from Group!" $_.Exception.Message
    }
} 

#Set parameter values
$SiteURL = "https://crescent.sharepoint.com/sites/marketing"
$UserID= "i:0#.f|membership|[email protected]"
 
#Call the function to remove user from all groups
Remove-UserFromAllGroups -SiteURL $SiteURL -UserID $UserID

PnP PowerShell to Remove User from All Groups in a Site

If you need to quickly remove someone from all the groups they’re a part of in a site, Here is the handy PnP PowerShell script:

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
$UserLoginID = "i:0#.f|membership|[email protected]"
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get All Groups of the User
$UserGroups = Get-PnPUser -Identity $UserLoginID | Select -ExpandProperty Groups

#Remove User from all Groups
$UserGroups | ForEach-Object { Remove-PnPGroupMember -LoginName $UserLoginID -Identity $_.Title } 

Other than Group permissions, users may have direct permissions to objects in the sites. If you want to remove a user altogether from the site collection, use: How to Remove a User from SharePoint Online Site Collection using PowerShell?

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

Leave a Reply

Your email address will not be published.