Unable to remove user license using the Set-MgUserLicense due to dependencies ?

EnterpriseArchitect 4,741 Reputation points
2023-01-12T13:57:28.9833333+00:00

Hi All,

May I know how can I recursively or automatically remove all licenses assigned to a user using the [https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.users.actions/set-mguserlicense?view=graph-powershell-1.0 ?

Because I am stuck with this error:

Set-MgUserLicense : License assignment failed because service plan fe71d6c3-a2ea-4499-9778-da042bf08063 depends on the service plan(s) 5dbe027f-2339-4123-9542-606e4d348a72

Many thanks for considering my request.

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,769 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,580 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,458 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 141.5K Reputation points MVP
    2023-01-12T14:03:05.2133333+00:00

    Here is what I use - setting $_.Userprincipalname to the account in question:

    [array]$SkusToRemove = Get-MgUserLicenseDetail -UserId $_.Userprincipalname

     

    Set-MgUserLicense -UserId $_.Userprincipalname -RemoveLicenses $SkusToRemove.skuId -AddLicenses @() -Confirm:$false

    [https://practical365.com/microsoft-365-license-graph-sdk/

  2. Jason Gallas 21 Reputation points
    2023-08-03T17:14:23.1666667+00:00

    I am having this issue as well. Using the following script as a base with my own Connect authentication. Was there ever a resolution?

    Connect-MgGraph -Tenant tenant.onmicrosoft.com -Scopes User.ReadWrite.All
 
#Import the list of users, or generate it dynamically as needed
$users = Import-Csv .\Users-to-disable.csv
#$users = Get-MgUser -Filter "Department eq 'Marketing'"
 
foreach ($user in $users) {
Write-Verbose "Processing licenses for user $($user.UserPrincipalName)"
try { $user = Get-MgUser -UserId $user.UserPrincipalName -ErrorAction Stop }
catch { Write-Verbose "User $($user.UserPrincipalName) not found, skipping..." ; continue }
 
$SKUs = @(Get-MgUserLicenseDetail -UserId $user.id)
if (!$SKUs) { Write-Verbose "No Licenses found for user $($user.UserPrincipalName), skipping..." ; continue }
 
foreach ($SKU in $SKUs) {
Write-Verbose "Removing license $($SKU.SkuPartNumber) from user $($user.UserPrincipalName)"
try {
Set-MgUserLicense -UserId $user.id -AddLicenses @() -RemoveLicenses $Sku.SkuId -ErrorAction Stop #-WhatIf
}
catch {
if ($_.Exception.Message -eq "User license is inherited from a group membership and it cannot be removed directly from the user.") {
Write-Verbose "License $($SKU.SkuPartNumber) is assigned via the group-based licensing feature, either remove the user from the group or unassign the group license, as needed."
continue
}
else {$_ | fl * -Force; continue} #catch-all for any unhandled errors
}}
}
    0 comments