Manage orphaned flows when the owner leaves the organization

Applies to:   Power Automate
Original KB number:   4556130

Summary

This article helps you manage orphaned flows in Power Automate after a flow owner leaves your organization. An orphaned flow is a flow that no longer has a valid owner. These flows can fail if they use connections tied to that user account. This article explains how admins can identify orphaned flows, assign new co-owners in the Power Platform admin center, and use PowerShell to update ownership for one flow or multiple flows. These steps help maintain business continuity and reduce failures caused by lost or invalid connections.

Check for orphaned flows

Note

Only users with appropriate privileges can view flows that don't have any valid owners.

On the environment page in the Power Platform admin center, go to the Resources tab and select Flows. Look for flows that don't have an owner listed in the Owners column.

If there are many flows, select Load more to load the next set of flows. This way, you can ensure you look through all flows that might be orphaned.

Assign new co-owners to an orphaned flow

  1. From the flow list, select the orphaned flow.
  2. Select Share at the top of the page.
  3. Enter a new owner name and select the new owner account.
  4. Select Save to save your changes.

Note

If there are many flows in your organization, you can also manage orphaned flows through PowerShell cmdlets.

Manage orphaned flows through Power Automate cmdlets for administrators

Administrators can also manage flows by running Power Apps cmdlets for administrators. Make sure you install the PowerShell module if you haven't done so previously.

Fix permissions for one flow

  1. Run the Get-AdminFlowOwnerRole cmdlet with the environment name and flow name (GUID) to get the list of users and their roles. This list shows you the current permissions set for the flow.

    Get-AdminFlowOwnerRole -EnvironmentName <env name> -FlowName <flow name>
    
  2. To assign a co-owner to a flow, run the Set-AdminFlowOwnerRole cmdlet with the Microsoft Entra principal object ID of the new owner.

    Set-AdminFlowOwnerRole -EnvironmentName <env name> -FlowName <flow name> -PrincipalType User -RoleName CanEdit -PrincipalObjectId <new owner object id>
    

    Note

    To get the Microsoft Entra principal object ID of a user, run the Get-AzureADUser cmdlet (which is from the AzureAD module). You need to call the Connect-AzureAD cmdlet before running the Get-AzureADUser cmdlet.

    Note

    Azure AD and MSOnline PowerShell modules are deprecated as of March 30, 2024. To learn more, read the deprecation update. After this date, support for these modules is limited to migration assistance to Microsoft Graph PowerShell SDK and security fixes. The deprecated modules will continue to function through March 30, 2025.

    We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). For common migration questions, refer to the Migration FAQ. Note: Versions 1.0.x of MSOnline may experience disruption after June 30, 2024.

  3. Run the Get-AdminFlowOwnerRole cmdlet again to verify the new owner is in the list.

For more information on these cmdlets, see Set-AdminFlowOwnerRole and Get-AdminFlowOwnerRole.

Fix permissions for flows created by a particular user

  1. To get the list of flows created by a given user, run the following cmdlet:

    Get-AdminFlow -EnvironmentName <env name> -CreatedBy <user-object-id>
    
  2. Then apply the steps in the preceding section to assign co-owners to every flow on the list.

List all orphaned flows in an environment

To get all flows that don't have valid users, loop through all flows in the environment, and verify there's at least one owner or co-owner that exists in Microsoft Entra ID. The following script provides an example:

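    # Sign in to Microsoft Entra ID so that Get-AzureADUser can resolve principals
    Connect-AzureAD
    $env = "<your environment name>"
    $flows = Get-AdminFlow -EnvironmentName $env
    foreach ($flow in $flows)
    {
        $hasValidOwner = $false
        # All principals (users and their roles) that have permissions on this flow
        $permissions = Get-AdminFlowOwnerRole -EnvironmentName $env -FlowName $flow.FlowName
        foreach ($permission in $permissions)
        {
            $roleType = $permission.RoleType

            # Only owners and co-owners (CanEdit) count as valid owners
            if ($roleType.ToString() -eq "Owner" -or $roleType.ToString() -eq "CanEdit")
            {
                $userId = $permission.PrincipalObjectId
                # The filter returns nothing when the user no longer exists in Microsoft Entra ID
                $users = Get-AzureADUser -Filter "ObjectId eq '$userId'"

                if ($users.Length -gt 0)
                {
                    $hasValidOwner = $true
                    break
                }
            }
        }

        # Output the flow when no owner or co-owner could be resolved
        if ($hasValidOwner -eq $false)
        {
            $flow
        }
    }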

You can also add the Set-AdminFlowOwnerRole cmdlet to the script to assign a co-owner for each flow that doesn't have a valid owner.
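The same check written against Microsoft Graph PowerShell, which the deprecation note above recommends over the AzureAD module, with the optional co-owner assignment included. This is an added example, not part of the original article or Microsoft's own script; the parameter names, the Test-EntraUser helper, and the report columns are assumptions made for illustration.

```powershell
# Added example: list orphaned flows using Get-MgUser instead of Get-AzureADUser.
# Assumes the Microsoft.Graph.Users and Power Apps administration modules are installed.
param(
    [Parameter(Mandatory)] [string] $EnvironmentName,  # environment name (GUID)
    [string] $NewOwnerObjectId                         # optional: Entra object ID of the co-owner to add
)

Connect-MgGraph -Scopes 'User.Read.All' | Out-Null
$exists = @{}   # cache: principal object ID -> $true/$false (one Graph lookup per principal)

# Hypothetical helper: returns $true when the object ID resolves to a user in Microsoft Entra ID.
function Test-EntraUser([string] $ObjectId) {
    if (-not $exists.ContainsKey($ObjectId)) {
        # A filter yields an empty result for a deleted user; permission errors still surface
        # instead of being silently counted as "user missing".
        $match = @(Get-MgUser -Filter "id eq '$ObjectId'" -Property Id -ErrorAction Stop)
        $exists[$ObjectId] = ($match.Count -gt 0)
    }
    return $exists[$ObjectId]
}

$orphaned = foreach ($flow in Get-AdminFlow -EnvironmentName $EnvironmentName) {
    # Keep only owner and co-owner (CanEdit) roles, as in the script above.
    $owners = @(Get-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $flow.FlowName |
        Where-Object { "$($_.RoleType)" -in 'Owner', 'CanEdit' })
    $valid = @($owners | Where-Object { $_.PrincipalObjectId -and (Test-EntraUser $_.PrincipalObjectId) })
    if ($valid.Count -eq 0) {
        [pscustomobject]@{
            FlowName      = $flow.FlowName
            DisplayName   = $flow.DisplayName
            StaleOwnerIds = ($owners.PrincipalObjectId -join ';')  # kept for the audit trail
        }
    }
}
$orphaned | Format-Table -AutoSize

# Assign the co-owner only when one was supplied and it resolves to an existing user.
if ($NewOwnerObjectId -and (Test-EntraUser $NewOwnerObjectId)) {
    foreach ($item in $orphaned) {
        Set-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $item.FlowName `
            -PrincipalType User -RoleName CanEdit -PrincipalObjectId $NewOwnerObjectId
    }
}
```

Run it once without $NewOwnerObjectId to review the report before granting anyone edit rights. Like the script above, it treats any owner ID that doesn't resolve to a user as invalid.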