Powershell: Deleting Users in Microsoft 365
Intro
In large Microsoft 365 environments, administrators often need to bulk delete users—whether due to offboarding, tenant cleanup, or automation. Microsoft Graph PowerShell SDK enables safe and controlled user deletion directly from the command line.
In this article, we'll walk through how to delete users individually, in bulk, and with filters, while preserving admin accounts and providing optional CSV logging.
Prerequisites
Ensure you have the following:
Microsoft Graph PowerShell SDK installed
Global Administrator or appropriate role
Permission scopes:
User.ReadWrite.All,Directory.ReadWrite.All
To install and connect to Microsoft Graph:
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.ReadWrite.All"Delete a Single User by Email or ID
By UserPrincipalName:
Remove-MgUser -UserId "user@example.com"By Object ID:
Remove-MgUser -UserId "a12b34cd-5678-ef90-gh12-3456789ijklm"⚠️ This performs a soft delete (user is recoverable for 30 days).
Bulk Delete Users (Except Admin)
Here’s a safe script to delete all users except a defined admin account:
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.ReadWrite.All"
# Define your tenant admin's email
$adminUser = Get-MgUser -UserId "admin@yourdomain.com"
$adminId = $adminUser.Id
# Fetch all users
$allUsers = Get-MgUser -All
# Filter out the admin
$usersToDelete = $allUsers | Where-Object { $_.Id -ne $adminId }
# Optional: Export list before deletion
$usersToDelete | Select DisplayName, UserPrincipalName, Id | Export-Csv -Path "UsersToDelete.csv" -NoTypeInformation
# Confirm before deletion
Write-Host "Total users to delete: $($usersToDelete.Count)" -ForegroundColor Yellow
$confirm = Read-Host "Type YES to confirm deletion"
if ($confirm -eq "YES") {
foreach ($user in $usersToDelete) {
Write-Host "Deleting user: $($user.UserPrincipalName)" -ForegroundColor Red
Remove-MgUser -UserId $user.Id -Confirm:$false
}
Write-Host "✅ Deletion completed." -ForegroundColor Green
} else {
Write-Host "❌ Deletion canceled." -ForegroundColor Red
}Targeted Deletion Examples
Delete users from a specific domain:
$usersToDelete = Get-MgUser -All | Where-Object {
$_.UserPrincipalName -like "*@oldcompany.com"
}Delete unlicensed users only:
$usersToDelete = Get-MgUser -All | Where-Object {
($_.AssignedLicenses).Count -eq 0
}Optional: Hard Delete from the Recycle Bin
After 30 days, or to manually remove users from soft-delete:
$deletedUsers = Get-MgUserDeleted
foreach ($user in $deletedUsers) {
Remove-MgUserDeleted -UserId $user.Id
}Summary
Microsoft Graph PowerShell enables full control over M365 identity management, including safe user deletion. Whether you're removing one user or cleaning up thousands, PowerShell scripts offer automation, accuracy, and safety when used responsibly.
REFERENCES
Last updated
Was this helpful?