How to find and delete Orphaned Users from SharePoint Online

 Office 365, SharePoint Online, Perumal
Mar 20 2016

Most companies face the challenge in identifying and clean-up of Orphaned user accounts of their employees to prevent any possible security breach and to optimize the resource usage. Orphaned Users - When user account is removed from the Office 365 admin center, but the corresponding account still exists in SharePoint Online as Site User. So in this blog, we use PowerShell script for listing and deleting Orphaned users from SharePoint Online Site Collection.

Before starting the process, download and install the SharePoint Online Management Shell from this link and execute the following PowerShell Scripts in the SharePoint Online Management Shell by connecting to SharePoint Online using Global Administrator credentials.

How to find and delete Orphaned Users from SharePoint Online Site Collection

Input Parameters Required
$domainname - Office 365 domain name (“” or “”)
$Sitename - SharePoint Online Site Collection URL (Ex -
$Output - File path to store the list of Orphaned Users (Ex - D:\Foldername\OrphanedUsers.txt)

Following PowerShell script is used to find and delete Orphaned Users from SharePoint Online Site Collection,

NOTE: It is recommended to execute the below script as .ps1 file with elevated privilege (Run as Administrator).

Copy the below script to notepad and save it as .ps1 file or download ps1 from here.

step 1 :Get the Domain name
$url=Read-Host "Enter the admin URL("
Import-Module Microsoft.Online.SharePoint.Powershell -Verbose
Import-Module MSOnline
$cred= Get-Credential
step 2 : Connecting Msol Service
Connect-MsolService -Credential $cred
step 3 : Connecting SharePoint Online Service
Connect-SPOService -Url $url -Credential $cred 
step 4 : Get Site Collection URL
$Sitename=Read-Host "Enter the Site Collection URL:"
step 5 : Get file Path for store output
$Output = Read-Host "Enter the Path to Store the Result:"
$strOut = "User Name"+"`r`n"
step 6 : Checking Sharepoint User in Azure AD
function Checkorphaneduser()
    Param( [Parameter(Mandatory=$true)] [string]$AzureUser )
    $ADUser=Get-Msoluser -UserPrincipalName $AzureUser -Erroraction SilentlyContinue
    if ($ADUser -ne $null)
           return $true
         return $false 
step 7 : Get Orphaned Users from Site Collection
$Users = Get-SpoUser "$Sitename"         
$OrphanedUsers = @()
foreach($User in $Users)
        #Exclude Built-in User Accounts , Security Groups 
        if(($User.DisplayName.ToLower() -ne "nt authority\authenticated users") -and
          ($User.LoginName.ToLower() -ne "sharepoint\system") -and
          ($User.LoginName.ToLower() -ne "App@Sharepoint") -and
          ($User.LoginName.ToLower() -notlike "ylo001\_spocrwl*") -and
          ($user.IsGroup -eq $false ) #-and
          $AccName = $User.LoginName    #UserName
            if ( ( Checkorphaneduser $AccName) -eq $false )
                Write-Host "$($User.LoginName) from $($Sitename) doesn't Exists in Azure AD!"
		          $strOut += $User.LoginName+"`r`n"
		           $strOut|Out-File $Output                   
step 8 :Remove Orphaned Users from Site Collection
if($OrphanedUsers.Count -eq 0)
Write-host "There is no Orphaned user in $($Sitename)"
   $Remove=Read-Host "Do You want remove Orphaned Users Yes:No :"
   If($Remove.ToUpper() -eq "YES")
           foreach($OrpUser in $OrphanedUsers)
	        Remove-SPOUser -Site $Sitename -LoginName $OrpUser
           Write-host "Removed the Orphaned user $($OrpUser) from $($Sitename) "
      Get-pssession |Remove-PSSession