How to: Delete Microsoft Online Windows Azure “phantom” users
How to: Delete Microsoft Online Windows Azure “phantom” users
I really have no better way to describe this issue than “phantom users”.
Background:
I deployed an Exchange 2013 organization and tried to use the Microsoft Online services. I did Active Sync, assigned licenses and tried to move over my users’ Mailboxes. Unfortunately back then they were running Exchange 2010 on their servers so it was a no go. Months later I am ready again to do the migration but I come across that the users I tried on the previous attempt to bring over are failing. Instead of going through the normal “life cycle” of needing a mailbox migrated over from the OnPremise Exchange first, the system creates one for them. The workaround was to delete the user and create a new one making sure their settings/data was backed up. But as part of that troubleshooting I came across some commands to manage your OnCloud deployment user and what I’ve come to call “Phantom” users, which are users left behind that the system brings back to life instead of creating a new one.
First thing’s first: We need to connect to the Microsoft Online Servers. You need to Install the Windows Azure AD Module and then connect to it like so:
$msolcred = get-credential
connect-msolservice -credential $msolcred
If you need more information or step by step instructions there is a TechNet article referenced on this post: How to: Manage Windows Azure AD using Windows PowerShell
Once you are connected, let’s find out what users have been deleted but they remain in the system:
Get-MsolUser -ReturnDeletedUsers | FT UserP*,ObjectId
Get-MsolUser -ReturnDeletedUsers | FL
(or optionally)
Get-MsolUser -ReturnDeletedUsers -UserPrincipalName user@domain.com| FT UserP*,ObjectId
Get-MsolUser -ReturnDeletedUsers -UserPrincipalName user@domain.com| FL
Now, one you identify the user you want to delete you can do it by providing the ObjectId in the following manner:
Remove-MsolUser -ObjectId abc1234-12abc-123a-ab12-a12b3c4d5f6gah -RemoveFromRecycleBin -Force
Now if you see all those users and you just want to wipe the whole recycling bin clean as they are fine deleted you can execute the following:
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
And now this one which does the same for ALL users *not sure what some users is though:
Get-MsolUser -All -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
Love
Can we use Let's Encrypt, the free and open certificate authority?
Hola! gracias por la info, me sirvió el comando sacandole el nombre del server. En mi caso, fue una migración…
Yes 3rd option helped me too. I removed the WC key Values from config file then started working.
I know this is from 2014. But really, thank you!