Remove-AzureADUser
This article provides migration details from the Remove-AzureADUser command to its Microsoft Graph PowerShell equivalent.
Summary
- Azure AD Command: Remove-AzureADUser
- Azure AD Module: AzureAD
- Microsoft Graph Command: Remove-MgUser (Community Examples)
- Graph Module: Microsoft.Graph.Users
- Graph Endpoint: DELETE /users/{id | userPrincipalName}
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | User.ReadWrite.All | Not available. |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | User.ReadWrite.All | Not available. |
View more details on permissions.
The calling user must be assigned one of the following Microsoft Entra roles:
- User Administrator
- Privileged Authentication Administrator
To delete users with privileged administrator roles in delegated scenarios, the app must be assigned the Directory.AccessAsUser.All delegated permission, and the calling user must have a higher privileged administrator role as indicated in Who can perform sensitive actions.
In app-only scenarios, the User.ReadWrite.All application permission doesn't grant enough privilege to delete users with privileged administrative roles. The app must be assigned a higher privileged administrator role as indicated in Who can perform sensitive actions.
Property Mapping
Azure AD Name | Microsoft Graph Name |
---|---|
ObjectId | UserId |
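
The following is an added example, not code from the original article: a wrapper that applies the ObjectId to UserId mapping and, before deleting, flags targets that hold directory roles, since those are the cases the permission notes above single out. The function name `Remove-MigratedUser` and the UPN are hypothetical; it assumes the Microsoft.Graph.Users module is installed and that the signed-in context can read the user's memberships.

```powershell
#Requires -Modules Microsoft.Graph.Users

function Remove-MigratedUser {
    # Hypothetical wrapper name; ConfirmImpact High forces a prompt unless -Confirm:$false
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Takes the value previously passed as Remove-AzureADUser -ObjectId
        [Parameter(Mandatory)][string]$UserId
    )

    # Resolve the target first so a mistyped id or UPN fails before any delete call
    $user = Get-MgUser -UserId $UserId -Property Id, UserPrincipalName -ErrorAction Stop

    # Directly assigned, active directory roles only; roles granted through
    # group membership or eligible (not activated) assignments are not listed here
    $roles = @(Get-MgUserMemberOf -UserId $user.Id -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' })

    if ($roles.Count -gt 0) {
        $names = ($roles | ForEach-Object { $_.AdditionalProperties['displayName'] }) -join ', '
        # Scopes is empty for app-only sessions, so this reports False there
        $hasAccessAsUser = (Get-MgContext).Scopes -contains 'Directory.AccessAsUser.All'
        Write-Warning ("{0} holds directory roles: {1}. User.ReadWrite.All alone may not be enough. " +
            "Directory.AccessAsUser.All in current session: {2}") -f `
            $user.UserPrincipalName, $names, $hasAccessAsUser
    }

    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Remove-MgUser')) {
        Remove-MgUser -UserId $user.Id -ErrorAction Stop
    }
}

# Request only the least privileged scope from the Permissions table
Connect-MgGraph -Scopes 'User.ReadWrite.All'

# Constructed placeholder UPN; -WhatIf shows the intended action without deleting
Remove-MigratedUser -UserId 'departed.user@contoso.example' -WhatIf
```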