Couldn’t delete this user because the account is synchronized with your on-premises servers. You can delete the user from your on-premises server.

But you already DID delete them from your on-premises server!

This is all covered very well in this KB article. But in a nutshell, if you delete something from your local AD, and are using DirSync or Azure AD sync, and it doesn’t get deleted from the online tenant, you can manually delete it this way:

  1. Grab the Microsoft Online Services Sign-In Assistant for IT Professionals RTW
  2. Grab the Azure Active Directory Module for Windows PowerShell
  3. Open the power shell and run this to store your credentials

    $msolcred = get-credential

  4. Then run this to connect to Azure

    connect-msolservice -credential $msolcred

  5. Now that you’re all linked up, run this to remove that nasty orphaned object
    Remove-MsolUser –UserPrincipalName [email protected]
  6. All set!

note, there are also Remove-MsolContact and Remove-MsolGroup cmdlets for those purposes.

2 COMMENTS

  1. Hello ,

    Is there a way to delete over 200 accounts at once using this command i.e. via a CSV or Bat file in PowerShell.

    I don’t particularly want to have to enter an address 200 times !

    thanks

    • In case you didn’t find an answer or are stumbling on this answer above, try below:

      # Franck Rougier [email protected]
      #.SYNOPSIS ./Update-msolUpn.ps1
      #PowerShell script to automate this task of removing a large set of users
      # Install Azure AD modules from http://technet.microsoft.com/library/jj151815.aspx before running this.
      #
      #

      #Get Modules
      $env:PSModulePath=$env:PSModulePath+”;”+”C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell”
      $env:PSModulePath=$env:PSModulePath+”;”+”C:\Windows\System32\WindowsPowerShell\v1.0\Modules\”
      #Import-Module Azure
      Import-Module MSOnline

      Get-Credential “[email protected]” | Export-Clixml .\cred.xml #Store Credentials

      #$count = 1 #For Testing the first result

      $cred = Import-Clixml .\cred.xml

      Connect-MsolService -Credential $cred

      Get-MsolUser -All | Select-Object UserPrincipalName, Title, DisplayName, IsLicensed | export-csv –path .\MSOL_Users_BeforeDelete.csv

      #filter with StartsWith or EndsWith or remove the Where clause between the pipes eg |
      Get-MsolUser -All |
      Where { $_.UserPrincipalName.ToLower().StartsWith(“somefilter”) } |
      ForEach {
      #if($count -eq 1) #For Testing the first result
      # {
      $upnVal = $_.UserPrincipalName
      Write-Host “Deleteing UPN “$_.UserPrincipalName” to: ” $upnVal -ForegroundColor Magenta
      #I don’t know if you can use -force to avoid the confirmation, but better be safe than sorry
      Remove-MsolUser -UserPrincipalName($upnVal)
      $count++
      # }
      }

      Get-MsolUser -All | Select-Object UserPrincipalName, Title, DisplayName, IsLicensed | export-csv –path .\MSOL_Users_AfterDelete.csv

LEAVE A REPLY

Please enter your comment!
Please enter your name here