Share via

Powershell to Block, remove licence and group membership of M365 user from CSV

Vikrant Trivedi 1 Reputation point
2022-09-01T05:30:45.19+00:00

I have below two commands for Powershell and it works ok. but I want to automate this script so can fetch user name from CSV file and I can just run powershell script for user offboarding

Disable user Account / Block Sign-in
Set-AzureADUser -ObjectID abcdefg@trkrish .com.au -AccountEnabled $false

o Remove ALL License
$userUPN="abcdefg@trkrish .com.au"
$userList = Get-AzureADUser -ObjectID $userUPN
$Skus = $userList | Select -ExpandProperty AssignedLicenses | Select SkuID
if($userList.Count -ne 0) {
if($Skus -is [array])
{
$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
for ($i=0; $i -lt $Skus.Count; $i++) {
$licenses.RemoveLicenses += (Get-AzureADSubscribedSku | Where-Object -Property SkuID -Value $Skus[$i].SkuId -EQ).SkuID
}
Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $licenses
} else {
$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$licenses.RemoveLicenses = (Get-AzureADSubscribedSku | Where-Object -Property SkuID -Value $Skus.SkuId -EQ).SkuID
Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $licenses
}
}

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,463 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,629 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 104K Reputation points MVP
    2022-09-02T18:45:26.507+00:00

    Hi @Vikrant Trivedi ,

    please try the following script.

    Create a CSV file (for instance users.csv) with your users in the following format: 

    UPN  
abcdefg@123456.com.au  
klmnop@123456.com.au

    And here is the PowerShell script: 

    # Import CSV content  
$users = Import-Csv -Path .\Junk\users.csv  
  
# Disable users  
$users  ForEach-Object {  
    Set-AzureADUser -ObjectID "$_.UPN" -AccountEnabled $false  
}  
  
# Remove ALL licenses  
$users |  ForEach-Object {  
    $userUPN = "$_.UPN"  
    $userList = Get-AzureADUser -ObjectID $userUPN  
    $Skus = $userList | Select-Object -ExpandProperty AssignedLicenses | Select-Object SkuID  
    if ($userList.Count -ne 0) {  
        if ($Skus -is [array]) {  
            $licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses  
            for ($i = 0; $i -lt $Skus.Count; $i++) {  
                $licenses.RemoveLicenses += (Get-AzureADSubscribedSku | Where-Object -Property SkuID -Value $Skus[$i].SkuId -EQ).SkuID  
            }  
            Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $licenses  
        }  
        else {  
            $licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses  
            $licenses.RemoveLicenses = (Get-AzureADSubscribedSku | Where-Object -Property SkuID -Value $Skus.SkuId -EQ).SkuID  
            Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $licenses  
        }  
    }  
}

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    0 comments