BULK DELETE AdB2C

Question

BULK DELETE AdB2C

Abhay Chandramouli 1,056

hi I am trying to delete around 30 million users from adb2c.

I tried to bulk delete by uploading a file (csv) but seems max size is around 10mb or 50k records. That will take 600 uploades.. not feasabile
the other method is using graph api delete...

But is there a way this can be done quick ?

2 answers

Your answer

Answer 1

Hello @Abhay Chandramouli , as far as I know, there are no limitations in Azure AD for how many users you can remove at the time.

You can check the service limitation page:
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions

Depending on the method you are going to use to remove users, you might run into limitations that are specific to APIs or services.

Please let me know if you have any additional questions. If this answer was helpful, please click on Select Answer.

Thank you,

Vukasin

Answer 2

Marilee Turscak-MSFT 37,206 Microsoft Employee Moderator

Hi @Abhay Chandramouli ,

Thanks for your post!

You are correct that the two well-documented options are bulk deleting by uploading a CSV or using Graph API with JSON batching to combine multiple requests in one HTTP call. The CSV option has the size limit you mentioned and JSON batching has a limit of 20 requests/users in batch. There are examples of the JSON batching implementation here.

Another option would be to user Powershell and run the following script:

Connect-MsolService #sign-in using Global Admin of your B2C tenant. User should be Member of the tenant and not signed-up or guest user.  
$users = import-csv C:\temp\users.csv  
foreach ($usr in $users)  
{  
Remove-MsolUser -UserPrincipalName $usr.upn -Force  
}

I have shared your feedback with the product group though and will get back if they are able to recommend a better way to accomplish this or share a timeline for increasing the limit.

-

If the information helped you, please Accept the answer. This will help us and other community members as well.

Abhay Chandramouli 1,056 Reputation points

2022-09-16T04:43:13.35+00:00

Hi Marilee,
I tried your script
$resp = Remove-MsolUser -UserPrincipalName $usr.upn -Force
| ~~~~~~~~~~~~~~~
| The term 'Remove-MsolUser' is not recognized as a name of a cmdlet, function, script file, or executable program. Check the
| spelling of the name, or if a path was included, verify that the path is correct and try again.

I am facing this issue

I have a Mac OS :)
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2022-09-16T16:12:47.353+00:00

Hi @Abhay Chandramouli ,

You may not have the MSOnline module installed in that case. You should be able to run Install-Module MSOnline to resolve that error.
Abhay Chandramouli 1,056 Reputation points

2022-09-16T16:34:53.493+00:00

Still didnt work :)
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2022-09-16T16:53:28.41+00:00

Thanks for confirming. Did you get the same error or a different one? You have to make sure you have followed the steps to connect to Azure AD Powershell. https://learn.microsoft.com/en-us/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-worldwide

The PG also got back to me that the JSON batching method is the fastest way to achieve your goals overall. You could modify the example in this thread to use the DELETE method.
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2022-09-16T18:04:23.327+00:00

Either way should work for deleting the users though. There's also an example here (which could be modified for user deletion) and I asked the PG to add an official ones as our documentation only has the generic JSON batching example.
Abhay Chandramouli 1,056 Reputation points

2022-09-17T16:51:16.447+00:00

Hi ,
Also can I know what is the throttling limit for delete user api graph ? for ADB2C.. I have seen the documentation but it doesnt suggest much.
Abhay Chandramouli 1,056 Reputation points

2022-09-17T16:52:25.703+00:00

Same Error
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2022-09-22T21:10:58.43+00:00
Please make sure you have followed these steps to install the module.

[Install the Azure AD Module][1] Install-Module MSOnline $Msolcred = Get-credential Connect-MsolService -Credential $MsolCred

The throttling limit for B2C when deleting users is dependent on your environment. https://learn.microsoft.com/en-us/graph/throttling-limits#identity-and-access-service-limits

Based on the chart in the guide, your limit should be 8k request per 10 seconds, so about 48k requests per minute (which makes sense if you're hitting the limit at 50k users).

However, any request using your App registration, that isn't a GET has a limit, depending on the signInAudience (AzureADMyOrg, MultipleOrgs, etc.):

70k per 5 minutes
60 requests per minute (PersonalAccounts)

GET users has a base unit cost of 2, so you can technically only run 24k GET user requests per minute. But the Users endpoint for DELETE or POST appear to have a1 base cost, so 48k per minute for DELETE or POST operations.

From your initial post, it doesn't sound like you're using an App Registration, so the limit should be 48k requests per minute.

Limits can be increased via support request though too. You can create a free Subscription/Billing support ticket here.

Share via

BULK DELETE AdB2C

2 answers

Your answer