Remove-AzureADUser

This article provides migration details from Remove-AzureADUser command to Microsoft Graph PowerShell.

Summary

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) User.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application User.ReadWrite.All Not available.

View more details on permissions.

The calling user must be assigned one of the following Microsoft Entra roles:

  • User Administrator
  • Privileged Authentication Administrator

To delete users with privileged administrator roles in delegated scenarios, the app must be assigned the Directory.AccessAsUser.All delegated permission, and the calling user must have a higher privileged administrator role as indicated in Who can perform sensitive actions.

In app-only scenarios, the User.ReadWrite.All application permission isn't enough privilege to delete users with privileged administrative roles. The app must be assigned a higher privileged administrator role as indicated in Who can perform sensitive actions.

Property Mapping

Azure AD Name Microsoft Graph Name
ObjectId UserId