Remove-MgUser - Insufficient privileges to complete the operation

Published on 11 Apr 2023

Bastien Perez

Encountering Insufficient Privileges Error in Microsoft Graph PowerShell

If you use Microsoft Graph PowerShell to manage Microsoft 365 users, you may encounter the error message "Insufficient privileges to complete the operation" when trying to remove or update a user with the Remove-MgUser or Update-MgUser commands.

For example, I would like to remove a former Azure AD Connect synchronization account:

Remove-MgUser -UserId [email protected]

I get the following error:

Error deleting user [email protected]. Insufficient privileges to complete the operation.

This error can occur even if the current user account has the correct permissions. The cause is that the user you are attempting to remove is a member of an administrative role.

Solution - Adding a specific scope

Adding additional scopes can introduce security risks, so it's important to evaluate and manage the risks before adding any new scopes.

To remove a user that belongs to an administrative role, you must add the Directory.AccessAsUser.All scope to Microsoft Graph PowerShell.

Connect-MgGraph -Scopes Directory.AccessAsUser.All

You will be prompted to sign in and consent to the new permissions. Follow the prompts to complete the process.

This scope allows Microsoft Graph PowerShell to have the same access to information in Azure AD as the signed-in user.

Once the scope has been added, you should be able to successfully remove the user using the Remove-MgUser command without any issue.
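
The steps above combined into one guarded function, as an added example that is not part of the original post. The function name Remove-MgUserWithRoleCheck and the UPN in the usage comment are hypothetical. It lists the directory roles held by the target account before deleting it and ends the session afterwards, so the broad scope is not left active in the shell.

```powershell
# Needs the Microsoft.Graph.Authentication and Microsoft.Graph.Users modules.
function Remove-MgUserWithRoleCheck {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string]$UserId                 # UPN or object ID of the account to delete
    )

    $scope = 'Directory.AccessAsUser.All'

    # Request the broad scope only if the current session does not already have it.
    $context = Get-MgContext
    if (-not $context -or $context.Scopes -notcontains $scope) {
        Connect-MgGraph -Scopes $scope | Out-Null
    }

    try {
        $user = Get-MgUser -UserId $UserId -ErrorAction Stop

        # Directory roles appear in memberOf with this @odata.type.
        $roles = Get-MgUserMemberOf -UserId $user.Id -All -ErrorAction Stop |
            Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
            ForEach-Object { $_.AdditionalProperties['displayName'] }

        if ($roles) {
            Write-Warning "$($user.UserPrincipalName) holds directory roles: $($roles -join ', ')"
        }

        # ConfirmImpact = 'High' makes PowerShell ask before the deletion runs.
        if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Remove-MgUser')) {
            Remove-MgUser -UserId $user.Id -ErrorAction Stop
        }
    }
    finally {
        # End the local session so later commands do not keep running with the broad scope.
        # This does not revoke the consent already granted in the tenant.
        Disconnect-MgGraph | Out-Null
    }
}

# Usage (constructed placeholder UPN, replace with the real account):
# Remove-MgUserWithRoleCheck -UserId 'old-sync-account@contoso.example'
```

Run it with -WhatIf first to see the role warning without deleting anything.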
