Managing SharePoint Online permissions efficiently is crucial for security and access control. Using PnP PowerShell, you can automate the process of removing users from SharePoint groups to maintain proper governance.
Key Topics Covered:
✔️ Checking users in a SharePoint group
✔️ Removing a user from a group
✔️ Removing multiple users from a group
✔️ Common errors and troubleshooting
Prerequisites
Before running any PowerShell commands, ensure you have:
PnP PowerShell installed
SharePoint Admin or Site Collection Admin rights
The URL of the SharePoint site you are managing
Step 1: Install and Import PnP PowerShell
If you haven’t installed PnP PowerShell, run:
```powershell
Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force
```
Then, import the module:
```powershell
Import-Module PnP.PowerShell
```
PnP PowerShell is ready!
Step 2: Connect to SharePoint Online
Use the following command to connect to your SharePoint Online site:
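```powershell
# Newer PnP.PowerShell versions require you to register your own Entra ID
# application and pass its ID via -ClientId for interactive login.
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive
```
🔹 Replace "yourtenant" with your SharePoint tenant name.
🔹 Replace "yoursite" with your actual site name.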
Connected successfully!
Step 3: List Users in a SharePoint Group
Before removing users, list all users in a specific SharePoint group:
```powershell
# Define group name
$groupName = "Site Members"

# Get users in the group
# (Get-PnPGroupMember with -Group is the cmdlet name in current PnP.PowerShell)
Get-PnPGroupMember -Group $groupName
```
🔹 Replace "Site Members" with the actual SharePoint group name.
User list retrieved!
Step 4: Remove a User from a SharePoint Group
To remove a specific user from a group:
```powershell
# Define variables
$groupName = "Site Members"
$userEmail = "user@yourdomain.com"

# Remove user from group (-Group is the documented parameter in PnP.PowerShell)
Remove-PnPGroupMember -LoginName $userEmail -Group $groupName
```
🔹 Replace "user@yourdomain.com" with the actual user’s email.
🔹 Replace "Site Members" with the correct group name.
User removed successfully!
Step 5: Remove Multiple Users from a SharePoint Group
If you need to remove multiple users from a group at once:
```powershell
# Define variables
$groupName  = "Site Members"
$userEmails = @("user1@yourdomain.com", "user2@yourdomain.com")

# Loop through users and remove them from the group
foreach ($user in $userEmails) {
    # -ErrorAction Stop keeps the success message from printing after a failed removal
    Remove-PnPGroupMember -LoginName $user -Group $groupName -ErrorAction Stop
    Write-Host "Removed $user from $groupName"
}
```
🔹 Replace "user1@yourdomain.com" and "user2@yourdomain.com" with actual user emails.
🔹 The script will loop through and remove each user.
Multiple users removed!
Step 6: Remove All Users from a SharePoint Group (Except Owners)
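To remove every user from a single group (users in other groups, such as Site Owners, are unaffected):
```powershell
# Define group name
$groupName = "Site Members"

# Get all users in the group
$users = Get-PnPGroupMember -Group $groupName

# Remove each user from the group
foreach ($user in $users) {
    # -ErrorAction Stop keeps the success message from printing after a failed removal
    Remove-PnPGroupMember -LoginName $user.LoginName -Group $groupName -ErrorAction Stop
    Write-Host "Removed $($user.Email) from $groupName"
}
```
🔹 This script fetches all users in the group and removes them.
🔹 Members of the separate Site Owners group are not removed, because the script only touches the group named in $groupName. It does not filter owners out of that group, so an owner who is also listed in it loses that membership.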
All users removed!
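A more defensive variant of the bulk removals in Steps 5 and 6, added here as an example (it is not code from the original article): it checks current membership first, supports -WhatIf for a dry run, and writes an audit record per user. The function name Remove-GroupMemberSafely and the audit file path are hypothetical, and an existing Connect-PnPOnline session is assumed.

```powershell
# Added example: assumes Connect-PnPOnline has already been run for the target site.
function Remove-GroupMemberSafely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]   $GroupName,
        [Parameter(Mandatory)] [string[]] $UserEmails,
        [string] $AuditPath = ".\group-removal-audit.csv"   # hypothetical path
    )

    # Snapshot current membership so each removal is checked against real state
    $members = @(Get-PnPGroupMember -Group $GroupName -ErrorAction Stop)

    $audit = foreach ($email in $UserEmails) {
        # -eq on strings is case-insensitive, which suits e-mail addresses
        $member = $members | Where-Object { $_.Email -eq $email } | Select-Object -First 1
        $result = 'NotInGroup'

        if ($member) {
            if ($PSCmdlet.ShouldProcess("$email in '$GroupName'", 'Remove group member')) {
                try {
                    # Use the login name SharePoint returned, not the raw e-mail
                    Remove-PnPGroupMember -LoginName $member.LoginName -Group $GroupName -ErrorAction Stop
                    $result = 'Removed'
                } catch {
                    $result = "Failed: $($_.Exception.Message)"
                }
            } else {
                $result = 'Skipped'   # -WhatIf, or the operator answered No
            }
        }

        # One audit row per requested user, including users that were not found
        [pscustomobject]@{
            TimeUtc   = (Get-Date).ToUniversalTime().ToString('o')
            Group     = $GroupName
            Email     = $email
            LoginName = $member.LoginName
            Result    = $result
        }
    }

    # Under -WhatIf, Export-Csv honours the dry run and writes nothing
    $audit | Export-Csv -Path $AuditPath -NoTypeInformation -Append
    $audit
}

# Dry run first: reports what would be removed and changes nothing
Remove-GroupMemberSafely -GroupName "Site Members" -UserEmails "user1@yourdomain.com", "user2@yourdomain.com" -WhatIf
```

Run it again without -WhatIf once the dry-run output matches the intended removals, and keep the CSV with the change record.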
Common Errors & Solutions
Error | Cause | Solution |
---|---|---|
Group not found | Incorrect group name | Use Get-PnPGroup to verify the group name |
User not found | User isn’t in the group | Use Get-PnPGroupMember -Group "Group Name" to check users |
Access Denied | Insufficient permissions | Ensure you are a Site Collection Admin |
Cannot modify built-in groups | System restriction | Some groups (e.g., Owners) cannot be modified |