Monday, August 6, 2012

Permanently Delete Office 365 MsolUser without waiting 30 Days

I have been working on a transition from Exchange 2010 to Office 365, doing a cutover conversion so that I can decommission my current Exchange Server.

The documentation, while there is a lot of it, is conflicting, misleading, and sometimes just wrong.

In any case, one of the most useful things I learned in this process was how to permanently delete MSOL users. Users that have been deleted and recreated with the same UserPrincipalName can cause all sorts of havoc.

Are you experiencing one of these problems:

  • DirSync reports:

Unable to restore user from a deleted state because of following error(s):
Value 'xx@yy.com' for property 'UserPrincipalName' conflicts with another object in the directory.
Value 'xx@yy.com' for property 'ProxyAddress' conflicts with another object in the directory.

  • Users can sign into https://portal.microsoftonline.com but are not able to connect with a desktop client or mobile phone.
  • Multiple users show up in your Global Address List (GAL)
  • In Lync you see the same user multiple times or you see deleted users

Well, all of these problems can be a result of deleting an account and recreating it with the same UserPrincipalName or ProxyAddress as the deleted version. Most documentation reports that the accounts will stick around for 30 days and there’s nothing you can do but wait or put a ticket into support. However, the latest version of MSOL PowerShell Tools has a fix—the latest is available from: http://onlinehelp.microsoft.com/Office365-enterprises/ff652560.aspx#BKMK_DownloadTheMOSIdentityFederationTool

The fix is: Remove-MsolUser -RemoveFromRecycleBin -ObjectId ObjectId

If you don’t have the “-RemoveFromRecycleBin” parameter option, then you are not using the latest version of MSOL PowerShell Tools.

To see if this is affecting a particular user, do the following in MSOL PowerShell:

Connect-MsolService
Get-MsolUser -ReturnDeletedUsers -SearchString UserPrincipalName | select UserPrincipalName, ObjectId

The result will display all deleted mailboxes that match the search string UserPrincipalName, along with their corresponding ObjectIds.

To permanently delete one of the results, pass the ObjectId returned by the statement above to Remove-MsolUser:

Remove-MsolUser -RemoveFromRecycleBin -ObjectId ObjectId

Note—this just deletes the already deleted mailbox from the recycling bin. It doesn’t do anything with the active (non-deleted) MsolUser if one happens to exist.

I ended up having a ton of deleted users from various failed attempts at migrating, and trying out SSO, so I wrote a simple PowerShell script to aid in the clearing out of deleted mailboxes. It should go without saying that if you do this, the deleted mailbox is no longer recoverable—it’s permanently deleted. For that reason, I have it show you the active user as a precaution so you can make sure the ObjectId that is about to be deleted permanently is not in fact the ObjectId of your currently active user. This script also prompts you twice to ensure you really want to permanently delete the MsolUser.

Param($searchString = $null)

function O365Logon
{
 # Must be run from the MSOL PowerShell shell
 Connect-MsolService
}

function Main
{
 # Collect the deleted (recycle bin) users, optionally filtered by the search string
 if ($null -eq $searchString) {
  $DeletedMailUsers = Get-MsolUser -ReturnDeletedUsers | select UserPrincipalName, ObjectId
 } else {
  $DeletedMailUsers = Get-MsolUser -SearchString $searchString -ReturnDeletedUsers | select UserPrincipalName, ObjectId
 }
 foreach($DeletedUser in $DeletedMailUsers) {
  # Show the ObjectId of the active account with the same UPN for comparison.
  # Out-Host forces it onto the screen before the prompt below appears.
  Write-Host "The active account for" $DeletedUser.UserPrincipalName "is:"
  Get-MsolUser -UserPrincipalName $DeletedUser.UserPrincipalName | select ObjectId | Out-Host
  # First prompt; Remove-MsolUser then asks for its own confirmation (no -Force)
  $a = Read-Host "Delete $($DeletedUser.UserPrincipalName) $($DeletedUser.ObjectId) (y/n)?"
  if($a.ToLower() -eq 'y')
  {
   Remove-MsolUser -RemoveFromRecycleBin -ObjectId $DeletedUser.ObjectId
   Write-Host "Removed User" $DeletedUser.ObjectId
  }
 }

}

O365Logon
Main

To run this script, copy and save the script in notepad as PermanentlyDeleteADeletedAccount.ps1 and start an Administrative MSOL PowerShell session.

The command syntax is:

.\PermanentlyDeleteADeletedAccount.ps1
or
.\PermanentlyDeleteADeletedAccount.ps1 UserPrincipalName
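
A guarded variant of the cleanup, added here as an example and not part of the original script: it refuses any ObjectId that matches the active account, supports -WhatIf for a dry run, and appends an audit row for every purge attempt. The -AuditPath parameter and its file name are hypothetical; PowerShell 3.0 or later and an existing Connect-MsolService session are assumed.

```powershell
# Added example (not the post's script). Assumes PowerShell 3.0+, the MSOL
# PowerShell tools, and that Connect-MsolService has already been run.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [string]$SearchString,                        # optional filter, as in the post
    [string]$AuditPath = '.\PurgedMsolUsers.csv'  # hypothetical audit file name
)

# Soft-deleted users currently sitting in the recycle bin.
$query = @{ ReturnDeletedUsers = $true }
if ($SearchString) { $query.SearchString = $SearchString }
$deleted = @(Get-MsolUser @query)

foreach ($user in $deleted) {
    # Live account that now owns the same UPN, if one exists.
    $active   = Get-MsolUser -UserPrincipalName $user.UserPrincipalName -ErrorAction SilentlyContinue
    $activeId = if ($active) { $active.ObjectId } else { '' }

    # Mechanical version of the post's precaution: never purge an ObjectId
    # that belongs to an active user.
    if ($active -and $active.ObjectId -eq $user.ObjectId) {
        Write-Warning "Skipped $($user.UserPrincipalName): $($user.ObjectId) is the active account."
        continue
    }

    # Prompts once per user; run the script with -WhatIf to list targets only.
    $target = "$($user.UserPrincipalName) [$($user.ObjectId)]"
    if (-not $PSCmdlet.ShouldProcess($target, 'Permanently delete from recycle bin')) { continue }

    try {
        # -Force suppresses the cmdlet's own prompt; ShouldProcess already asked.
        Remove-MsolUser -RemoveFromRecycleBin -ObjectId $user.ObjectId -Force -ErrorAction Stop
        $status = 'Removed'
    } catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    # Audit row: what was destroyed, when, and which live account was left alone.
    [pscustomobject]@{
        TimeUtc           = (Get-Date).ToUniversalTime().ToString('o')
        UserPrincipalName = $user.UserPrincipalName
        DeletedObjectId   = $user.ObjectId
        ActiveObjectId    = $activeId
        Status            = $status
    } | Export-Csv -Path $AuditPath -Append -NoTypeInformation
}
```

Because the purge is irreversible, the CSV is the only remaining record of which ObjectIds were removed, so keep it with the migration notes.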

21 comments:

  1. This is the exact issue we were experiencing. Good write up. Thanks

  3. Sweet! Thank you. Wasn't aware of the new -RemoveFromRecycleBin. Since we are in a POC phase of deployment, it would be handy to have -EmptyRecycleBin :)

    Replies
    1. ...then again, there is a DIY "Empty Recycle Bin":
      Get-MsolUser -ReturnDeletedUsers | % {Remove-MsolUser -RemoveFromRecycleBin -objectid $_.ObjectID}

  5. Thank you very much. I had many bad accounts because of an improper sync. After deleting all the bad accounts, I was able to use Dir Sync with no problems.

  6. Awesome post!

    Even the maroons at Microshaft didn't know this could be done. Glad to know I'm wasting my $$$ on a support contract.

    Worked like a charm, thanks again!

  7. Hi
    we are using cutover to move mailbox from ex2010 to office 365
    the problem is:
    Only administrator mailbox moved
    External contacts and groups also moved
    Here is the problem:
    None of the mailboxes of other users move?
    Office 365 does not create any new users
    No deleted users in the recycle bin.
    The migration user have full access to the mailboxes.

  8. The following does the same as your script but for all deleted users...

    Get-MsolUser -ReturnDeletedUsers | foreach { Remove-MsolUser -ObjectId $_.ObjectId -RemoveFromRecycleBin -Force }

    http://rebootrinserepeat.wordpress.com/2013/03/07/delete-all-deleted-users-in-office-365/

    Todd

  10. Get-MsolUser -ReturnDeletedUsers | Remove-Msoluser -RemoveFromRecycleBin -force

    That'll do it

  14. I have a simple way of removing all the accounts from recycle bin

    Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin
