Managing users in Entra ID (formerly Azure AD) can be a daunting task, especially when you need to delete multiple users at once. Whether you’re cleaning up inactive accounts, managing employee offboarding, or simply reorganizing your directory, manually deleting users one by one can be time-consuming and prone to errors.
This is where automation comes in handy. By leveraging PowerShell and Microsoft Graph, you can streamline the process, ensuring accuracy and efficiency. This script simplifies the task by automating the deletion of users listed in a CSV file, making it easier to manage large-scale user deletions with minimal effort.
In this blog post, we’ll break down the script step by step, explaining how it works and how you can customize it to fit your specific needs. Whether you’re an IT administrator looking to optimize your workflow or a PowerShell enthusiast eager to learn new tricks, this guide will provide you with the tools and knowledge to manage your Entra ID users more effectively.
Script Breakdown
Connecting to Microsoft Graph
```powershell
$Scopes = "User.ReadWrite.All"
Connect-MgGraph -Scopes $Scopes
```
- $Scopes: Defines the permissions required to read and write user data.
- Connect-MgGraph: Establishes a connection to Microsoft Graph with the specified scopes.
Importing the List of Users
```powershell
$Users = Import-CSV "C:\Temp\EntraID-Bulk-Remove-Users_SAMPLE.csv"
```
- Import-CSV: Reads the CSV file containing the list of users to be deleted. Each row in the CSV should have a column named UserPrincipalName. Sample CSV file available here.
Iterating Through Each User
```powershell
foreach ($User in $Users) {
    $UPN = $User.UserPrincipalName
```
- foreach: Loops through each user in the CSV file.
- $UPN: Stores the User Principal Name (UPN) of the current user.
Checking if the User Exists and Deleting
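```powershell
    try {
        $AADUser = Get-MgUser -UserId $UPN -ErrorAction Stop # Check if user exists
        # -ErrorAction Stop makes a failed deletion land in catch instead of printing "Deleted"
        Remove-MgUser -UserId $UPN -ErrorAction Stop
        Write-Host "Deleted user $UPN" -ForegroundColor Green
    }
    catch {
        # Report the actual error: the user may not exist, or the deletion may have been refused
        Write-Host "WARNING: Could not delete user $UPN - $($_.Exception.Message)" -ForegroundColor Yellow
    }
}
```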
- try: Attempts to execute the code block.
- Get-MgUser: Checks if the user exists in Entra ID.
- Remove-MgUser: Deletes the user if they exist.
- Write-Host: Outputs a message indicating whether the user was deleted or not.
Conclusion
This script is a powerful tool for administrators looking to streamline user management in Entra ID. By automating the deletion process, it saves time and reduces the risk of errors. The ability to handle bulk deletions efficiently ensures that your directory remains clean and up-to-date, which is crucial for maintaining security and compliance.
Moreover, the script is highly customizable, allowing you to adapt it to your specific requirements. Whether you need to add additional checks, integrate logging mechanisms, or modify the scope of operations, PowerShell provides the flexibility to tailor the script to your needs.
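As an added example of the extra checks and logging mentioned above (not the author's script): a variant that only reports by default, refuses to delete the signed-in account or a protected list, and writes an audit log. The names `$CsvPath`, `$LogPath`, `$ProtectedUpns` and `-Execute`, along with the log path and the protected UPN, are assumptions made for illustration.

```powershell
# Added example, not the author's script. Hypothetical names: $CsvPath, $LogPath,
# $ProtectedUpns, -Execute. The protected UPN and log path are constructed placeholders.
param(
    [string]$CsvPath = "C:\Temp\EntraID-Bulk-Remove-Users_SAMPLE.csv",
    [string]$LogPath = "C:\Temp\EntraID-Bulk-Remove-Users_LOG.csv",
    [string[]]$ProtectedUpns = @("breakglass@contoso.example"),
    [switch]$Execute   # without -Execute the script only reports what it would delete
)

Connect-MgGraph -Scopes "User.ReadWrite.All"
$Me = (Get-MgContext).Account   # account running the script; never delete it

$Rows = @(Import-Csv $CsvPath)
if ($Rows.Count -eq 0 -or $Rows[0].PSObject.Properties.Name -notcontains 'UserPrincipalName') {
    throw "CSV is empty or has no UserPrincipalName column: $CsvPath"
}
# Trim whitespace, drop blank rows, and de-duplicate so each UPN is processed once
$Upns = $Rows | ForEach-Object { "$($_.UserPrincipalName)".Trim() } | Where-Object { $_ } | Sort-Object -Unique

$Results = foreach ($Upn in $Upns) {
    $Entry = [ordered]@{ Time = (Get-Date).ToString('o'); UPN = $Upn; ObjectId = ''; Status = ''; Detail = '' }
    if ($Upn -eq $Me -or $ProtectedUpns -contains $Upn) {
        $Entry.Status = 'Protected'     # -eq and -contains compare case-insensitively
    } else {
        try {
            $AADUser = Get-MgUser -UserId $Upn -ErrorAction Stop
            $Entry.ObjectId = $AADUser.Id
            if ($Execute) {
                # Delete by object ID so the log and the deletion refer to the same object
                Remove-MgUser -UserId $AADUser.Id -ErrorAction Stop
                $Entry.Status = 'Deleted'
            } else {
                $Entry.Status = 'WouldDelete'
            }
        } catch {
            # Lookup or delete failed; record the real reason
            $Entry.Status = 'Failed'
            $Entry.Detail = $_.Exception.Message
        }
    }
    [pscustomobject]$Entry
}

$Results | Export-Csv -Path $LogPath -NoTypeInformation -Append
$Results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
```

Run it once without `-Execute` and review the `WouldDelete` rows before repeating with the switch. Deleted users stay restorable in Entra ID for 30 days, and the `ObjectId` column in the log identifies the object to restore.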
Script Source
As always, the complete script is available for download on the azure365addict GitHub. Feel free to customize the script to fit your specific needs and improve your user management processes. If you have any questions or need further assistance, feel free to reach out!
Happy scripting!