How to: Delete Microsoft Online Windows Azure “phantom” users

How to: Delete Microsoft Online Windows Azure “phantom” users

I really have no better way to describe this issue than “phantom users”.

 

Background:

I deployed an Exchange 2013 organization and tried to use the Microsoft Online services. I did Active Sync, assigned licenses and tried to move over my users’ Mailboxes. Unfortunately back then they were running Exchange 2010 on their servers so it was a no go. Months later I am ready again to do the migration but I come across that the users I tried on the previous attempt to bring over are failing. Instead of going through the normal “life cycle” of needing a mailbox migrated over from the OnPremise Exchange first, the system creates one for them. The workaround was to delete the user and create a new one making sure their settings/data was backed up. But as part of that troubleshooting I came across some commands to manage your OnCloud deployment user and what I’ve come to call “Phantom” users, which are users left behind that the system brings back to life instead of creating a new one.

 

First thing’s first: We need to connect to the Microsoft Online Servers. You need to Install the Windows Azure AD Module and then connect to it like so:

$msolcred = get-credential

connect-msolservice -credential $msolcred

 

If you need more information or step by step instructions there is a TechNet article referenced on this post: How to: Manage Windows Azure AD using Windows PowerShell

 

Once you are connected, let’s find out what users have been deleted but they remain in the system:

Get-MsolUser -ReturnDeletedUsers | FT UserP*,ObjectId

Get-MsolUser -ReturnDeletedUsers | FL

(or optionally)

Get-MsolUser -ReturnDeletedUsers -UserPrincipalName [email protected]| FT UserP*,ObjectId

Get-MsolUser -ReturnDeletedUsers -UserPrincipalName [email protected]| FL

Now, one you identify the user you want to delete you can do it by providing the ObjectId in the following manner:

Remove-MsolUser -ObjectId abc1234-12abc-123a-ab12-a12b3c4d5f6gah -RemoveFromRecycleBin -Force

Now if you see all those users and you just want to wipe the whole recycling bin clean as they are fine deleted you can execute the following:

Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

And now this one which does the same for ALL users *not sure what some users is though:

Get-MsolUser -All -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force