SharePoint Online: How to delete the account of an invited user from outside the organization
Introduction
SharePoint Online adds a new wrinkle to deleting users from a site. If you are a traditional SharePoint OnPrem administrator, you're used to working with user accounts that are part of your organization's Active Directory. If there is a problem with a user account and you need to remove it from a site, you simply remove its permissions. You don't actually remove the user account from Active Directory; that would be handled by a network or systems administrator. SharePoint Online differs when it comes to users who are not part of your organization: they do not have user accounts in your organization's Active Directory, but they have received and accepted sharing invitations from a user who is in your organization.
If you have enabled sharing with users outside of your organization, once those users accept the sharing invitation, they are assigned special accounts in O365 that enable them to interact with the shared SharePoint resource. When that invited user no longer needs to access that resource, or if there is a mixup and that outside user needs to have a new invitation sent out, you will need to delete that outside user's O365 account.
To fully remove an outside user's account, you will need to do three things, in this order, each of which requires the O365 Admin role shown:

| Step | Action to be Performed | O365 Admin Role Needed |
| --- | --- | --- |
| A | Delete the user from the site collection's User Information List | SharePoint Admin |
| B | Delete the user's profile from the SharePoint Online User Profile Service Application | SharePoint Admin |
| C | Delete the user from the O365 tenant | User Admin |

This posting shows you how.
Procedure
A. Delete the user from the site collection's User Information List
First, ensure that your account is a member of the site's Site Collection Administrator group. If this is a site collection that you have previously created for the site owner, you can do this through the SharePoint Admin center. If it is a Team or Communications site created by the site owner, you will have to do this via SPO PowerShell as the site won't show up in your SharePoint Admin center's Site Collections list. Steps for using PowerShell to do this are provided in the Notes section below.
Once you have site collection administrator access, open the site collection's User Information List at this URL:
http://siteurl/_layouts/15/people.aspx?MembershipGroupId=0
Search for the invited user's account in this list, and then delete it. This removes all of that user's user account information from the site collection.
B. Delete the user's profile from the SharePoint Online User Profile Service Application
Next, go to the SharePoint Admin center's User Profiles page, like so:
O365 Admin Center > [Show all] > Admin Centers > SharePoint > User Profiles > People > Manage User Profiles
Search for the user's profile and then delete it.
C. Delete the user from the O365 tenant
Lastly, go to the O365 Admin center's Guest Users page, like so:
O365 Admin Center > [expand] Users > Guest Users
Search for the outside user's account, and then delete it. When performing a search, use the email address that the original invitation was sent to. If you don't find the user's account there, try the Active Users listing. If you still don't find it, try searching on just the user's first or last name. The search algorithm doesn't seem entirely intuitive, and I've had to try various search parameters to eventually find the target user account. Note: you can only perform this step if you also have the O365 User Admin role.
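Once the steps above are done, a read-only check can confirm that nothing of the guest account is left behind. The script below is an added example, not part of the original post: it looks for the guest in the site collection's User Information List (step A), in the tenant's SharePoint external users list, and in the directory's guest accounts (step C); it does not check the user profile from step B. It assumes the SharePoint Online Management Shell and Microsoft Graph PowerShell modules are installed and that the guest's directory `mail` attribute holds the invited address; the function name, URLs and email address are placeholders.

```powershell
# Added example (not from the original post). Read-only: it deletes nothing.
# Assumes the Microsoft.Online.SharePoint.PowerShell and Microsoft.Graph.Users
# modules are installed. Function name, URLs and addresses are placeholders.
function Find-GuestRemnant {
    param(
        [Parameter(Mandatory)] [string] $SiteUrl,
        [Parameter(Mandatory)] [string] $GuestEmail   # address the invitation was sent to
    )
    # Guest login names usually embed the email with "@" replaced by "_",
    # followed by "#ext#"; match that form as well as the plain address.
    $plain = $GuestEmail.ToLower()
    $ext   = ($plain -replace '@', '_') + '#ext#'

    # Step A: entries left in the site collection's User Information List
    Get-SPOUser -Site $SiteUrl -Limit All |
        Where-Object {
            $login = $_.LoginName.ToLower()
            $login.Contains($ext) -or $login.Contains($plain)
        } |
        ForEach-Object {
            [pscustomobject]@{ Step = 'A'; Location = $SiteUrl; Account = $_.LoginName }
        }

    # Tenant-level list of external users known to SharePoint Online
    Get-SPOExternalUser -Filter $GuestEmail -PageSize 50 |
        ForEach-Object {
            [pscustomobject]@{ Step = 'SPO tenant'; Location = 'external users'; Account = $_.AcceptedAs }
        }

    # Step C: guest account still present in the directory
    # (assumption: the guest's mail attribute equals the invited address)
    $odataEmail = $GuestEmail -replace "'", "''"   # escape quotes for the OData filter
    Get-MgUser -Filter "userType eq 'Guest' and mail eq '$odataEmail'" |
        ForEach-Object {
            [pscustomobject]@{ Step = 'C'; Location = 'directory'; Account = $_.UserPrincipalName }
        }
}

Connect-SPOService -Url "https://contoso-admin.sharepoint.com"
Connect-MgGraph -Scopes "User.Read.All"

$left = @(Find-GuestRemnant -SiteUrl "https://contoso.sharepoint.com/sites/SITE1" `
                            -GuestEmail "guest.user@example.com")
if ($left.Count -eq 0) { "No remnants found." } else { $left | Format-Table -AutoSize }
```

Any row in the output names the step that still needs to be carried out for that account.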
Notes
- Use this PowerShell script to add your account to the site's Site Collection Administrator group. You must be assigned at least the SharePoint Admin role in order to successfully execute this script.

```powershell
# Connect to the tenant's SharePoint admin endpoint (prompts for the password)
Connect-SPOService -Url "https://contoso-admin.sharepoint.com" -Credential "MyAdminAct@CONTOSO.com"
# Get the target site collection
$site = Get-SPOSite -Identity "https://contoso.sharepoint.com/sites/SITE1"
# Make the admin account a site collection administrator on that site
Set-SPOUser -Site $site -LoginName "MyAdminAct@CONTOSO.com" -IsSiteCollectionAdmin $True
```

- The steps in this posting are those I perform whenever I receive a request from an SPO site collection administrator who needs one or more user accounts removed from his or her site. These are also the first set of troubleshooting steps I perform whenever I field a problem from an SPO site user who is unable to connect to a site that he or she was invited to.
- For convenience, here are the various URLs pointing to site collection User Information lists. These work for both SharePoint OnPrem and Online:
  - _catalogs/users/detail.aspx
  - _catalogs/users/simple.aspx
  - _catalogs/users/allgroups.aspx
  - _layouts/15/people.aspx?MembershipGroupId=0