Change and Delete Office 365 User Accounts with PowerShell
In this Ask the Admin, I’ll show you how to delete Office 365 users, change user properties, and restore users from the recycle bin using Windows PowerShell.
Today I’m going to continue where we left off in Create, List, and Assign Licenses to Office 365 Users with Windows PowerShell on the Petri IT Knowledgebase, with some more basic operations for managing Office 365 user accounts.
As always with PowerShell, before you can use it to manage Office 365, you’ll need to prepare your management PC if you haven’t already done so. Make sure that Microsoft Online Service Sign-in Assistant for IT Professionals RTW and either Azure Active Directory Module for Windows PowerShell (32-bit version) or Azure Active Directory Module for Windows PowerShell (64-bit version) are installed on your management PC.
For more detailed information on setting up PowerShell to manage Office 365, see How to Install the Windows PowerShell Cmdlets for Windows Azure AD and Office 365 on the Petri IT Knowledgebase.
Set or Change Password and UserPrincipalName
There are two specific cmdlets for setting user passwords and the UserPrincipalName parameter: Set-MsolUserPassword and Set-MsolUserPrincipalName respectively. Additionally, Set-MsolUserLicense should be used to change users’ licenses and is covered in my previous article.
First, make sure you are connected to your Office 365 subscription by running the cmdlet below in a PowerShell window, and entering your tenant account credentials when prompted:
To set a randomly generated password for an existing user account, type the cmdlet that follows and press ENTER, replacing [email protected] with the UserPrincipalName for the account on which you want to set a password:
To determine the password yourself and require the user to change it when they log in for the first time:
Don't forget that if you have Office 365 configured to require complex passwords, any password you set with Set-MsolUserPassword must not appear in the password history and must have:
- at least one lowercase character and uppercase character
- at least one non-alphanumeric character
- no spaces, tabs, or line breaks
- between 8 and 16 characters
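The rules listed above can be checked locally before the password is sent to the service. This is an added example, not code from the original article: Test-Office365PasswordRules and Set-ValidatedMsolPassword are hypothetical helper names, user@example.com is a placeholder, and the sample passwords are constructed.

```powershell
# Added example: validate a candidate password against the rules listed above,
# then set it with a forced change at first sign-in.
function Test-Office365PasswordRules {
    param([string]$Password)

    $failures = @()
    if ($Password.Length -lt 8 -or $Password.Length -gt 16) {
        $failures += 'length must be between 8 and 16 characters'
    }
    # -cnotmatch is case-sensitive; plain -notmatch would accept either case.
    if ($Password -cnotmatch '[a-z]') { $failures += 'needs a lowercase character' }
    if ($Password -cnotmatch '[A-Z]') { $failures += 'needs an uppercase character' }
    if ($Password -notmatch '[^a-zA-Z0-9\s]') { $failures += 'needs a non-alphanumeric character' }
    if ($Password -match '\s') { $failures += 'must not contain spaces, tabs, or line breaks' }
    $failures
}

function Set-ValidatedMsolPassword {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][securestring]$NewPassword
    )
    # Set-MsolUserPassword takes -NewPassword as a plain string, so convert
    # from SecureString only at the point of use.
    $plain = [System.Net.NetworkCredential]::new('', $NewPassword).Password
    $failures = @(Test-Office365PasswordRules -Password $plain)
    if ($failures.Count -gt 0) {
        throw "Password rejected locally: $($failures -join '; ')"
    }
    # Password history cannot be checked locally; the service enforces it.
    # The cmdlet returns the password, so discard the output to keep it off screen.
    Set-MsolUserPassword -UserPrincipalName $UserPrincipalName `
        -NewPassword $plain -ForceChangePassword $true | Out-Null
}

# Usage (requires the MSOnline module and an earlier Connect-MsolService):
#   $pw = Read-Host -AsSecureString 'New temporary password'
#   Set-ValidatedMsolPassword -UserPrincipalName 'user@example.com' -NewPassword $pw

# Constructed sample inputs, checked offline without touching the tenant:
'Sh0rt!', 'alllowercase1!', 'Good-Pass1', 'Has Space1!' | ForEach-Object {
    $f = @(Test-Office365PasswordRules -Password $_)
    '{0,-16} {1}' -f $_, $(if ($f.Count) { $f -join '; ' } else { 'OK' })
}
```

Reading the password with Read-Host -AsSecureString keeps it out of the console history and out of any script file.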
Change UserPrincipalName
To change a user's UserPrincipalName, run Set-MsolUserPrincipalName, replacing the values for -UserPrincipalName and -NewUserPrincipalName as appropriate:
To change any other account parameters, such as FirstName and DisplayName, you'll need to use the Set-MsolUser cmdlet.
Change User Account Parameters
To change a user’s FirstName, LastName and DisplayName properties to match the change in UserPrincipalName that we made above:
Disable a User Account
Set-MsolUser can also be used to disable user accounts:
To get a full list of the properties that can be changed using Set-MsolUser, run:
Delete and Restore User Accounts
The following cmdlet removes [email protected] from the directory, and sends it to the recycle bin. User accounts stay in the recycle bin for thirty days before they are permanently deleted.
Alternatively, you can permanently delete a user account by adding the -RemoveFromRecycleBin parameter:
Restore a User Account
To get a list of users in the recycle bin:
And to restore a deleted user that's still in the recycle bin: