Delete User

Deletes a user from Azure Active Directory.

Common Properties

• Name - The custom name of the node.
• Color - The custom color of the node.
• Delay Before (sec) - Waits in seconds before executing the node.
• Delay After (sec) - Waits in seconds after executing node.
• Continue On Error - Automation will continue regardless of any error. The default value is false.

info

If ContinueOnError property is true, no error is caught when the project is executed even if Catch node is used.

warning

Deleting a user is permanent and cannot be undone easily. Deleted users are moved to a recycle bin for 30 days before permanent deletion.

Inputs

• Access Id - The access ID from the Connect node. Optional if using direct credentials.
• User Id - User ID (object ID) or user principal name (email) of the user to delete. Examples:
  • User ID: 12345678-1234-1234-1234-123456789012
  • User Principal Name: john.doe@contoso.onmicrosoft.com

Options

Direct Credentials (optional - alternative to using Connect node):

• Tenant Id - Azure AD tenant ID (optional if using Access ID)
• Client Id - Azure AD application client ID (optional if using Access ID)
• Client Secret - Azure AD application client secret credential (optional if using Access ID)

Output

• Result - Deletion result message, typically "Deleted Successfully." if the operation succeeded.

How It Works

The Delete User node:

1. Authenticates using either the access ID or direct credentials
2. Sends a DELETE request to Microsoft Graph API for the specified user
3. Azure AD moves the user to the deleted items (recycle bin)
4. The user is soft-deleted and can be restored within 30 days
5. After 30 days, the user is permanently deleted

note

Deleted users can be restored within 30 days using the Microsoft Graph API or Azure Portal. After 30 days, deletion is permanent.

Examples

Delete User by Email

Remove a user account using email address:

// Using Connect node
access_id = message.access_id
user_id = "john.doe@contoso.onmicrosoft.com"

// Delete User node executes

// Output
result = "Deleted Successfully."

Delete User by Object ID

Remove a user using their unique ID:

access_id = message.access_id
user_id = "12345678-1234-1234-1234-123456789012"

// Returns: "Deleted Successfully."

Offboarding Automation

Automate employee offboarding:

// Employee data from HR system
offboarding_email = "departing.employee@contoso.onmicrosoft.com"

// Step 1: Get user information for logging
// Get User node
// User Id: offboarding_email
user_name = result.displayName
user_id = result.id

// Log offboarding
console.log("Offboarding user: " + user_name)

// Step 2: Remove from all groups (optional)
// List user's groups and remove membership

// Step 3: Disable account first (recommended)
// Update User node
// User Id: user_id
// Properties: {"accountEnabled": false}

// Step 4: Delete user
// Delete User node
// User Id: user_id

console.log("User deleted: " + user_name)

Bulk User Deletion

Delete multiple users from a list:

// List of users to delete
users_to_delete = [
    "user1@contoso.onmicrosoft.com",
    "user2@contoso.onmicrosoft.com",
    "user3@contoso.onmicrosoft.com"
]

deleted_users = []
failed_users = []

// Loop through users
for (email of users_to_delete) {
    try {
        // Delete User node
        // User Id: email

        deleted_users.push(email)
        console.log("Deleted: " + email)

        // Add delay to avoid throttling
        // Delay 1 second

    } catch (error) {
        failed_users.push({email: email, error: error.message})
        console.log("Failed to delete: " + email)
    }
}

console.log("Deleted: " + deleted_users.length)
console.log("Failed: " + failed_users.length)

Safe Deletion with Verification

Verify user before deletion:

user_email = "to.delete@contoso.onmicrosoft.com"

try {
    // Step 1: Verify user exists
    // Get User node
    // User Id: user_email

    console.log("Found user: " + result.displayName)

    // Step 2: Confirm it's the right user
    if (result.department === "Temporary") {
        // Delete User node
        // User Id: user_email

        console.log("User deleted successfully")
    } else {
        console.log("User not in Temporary department, skipping deletion")
    }

} catch (error) {
    console.log("User not found or error: " + error.message)
}

Cleanup Test Accounts

Delete test accounts matching a pattern:

// List All Users node

// Find test accounts
test_accounts = []
for (user of result.value) {
    if (user.userPrincipalName.startsWith("test.")) {
        test_accounts.push(user)
    }
}

console.log("Found " + test_accounts.length + " test accounts")

// Delete each test account
for (test_user of test_accounts) {
    // Delete User node
    // User Id: test_user.id

    console.log("Deleted: " + test_user.userPrincipalName)

    // Delay between deletions
    // Wait 1 second
}

Tips for Effective Use

• Verification: Always verify the user before deletion
• Soft delete: Users are soft-deleted and recoverable for 30 days
• Disable first: Consider disabling the account before deletion
• Logging: Log all deletion operations for audit purposes
• Error handling: Use Try-Catch to handle users that don't exist
• Bulk operations: Add delays between deletions to avoid throttling
• Backup data: Export user data before deletion if needed
• Group cleanup: Consider removing from groups before deletion

Common Errors and Solutions

"User Id cannot be empty"

Cause: The User Id input was not provided.

Solution: Provide a valid user ID or user principal name:

user_id = "john.doe@contoso.onmicrosoft.com"
// or
user_id = "12345678-1234-1234-1234-123456789012"

"Response Status is not OK - User not found"

Cause: No user exists with the specified ID or principal name.

Solution:

• Verify the user ID or email is correct
• User may have already been deleted
• Use Try-Catch to handle this gracefully

try {
    // Delete User node
    user_id = "maybe.deleted@contoso.onmicrosoft.com"
} catch (error) {
    console.log("User already deleted or not found")
}

"Either Client Secret with Tenant ID and Client ID, or Access ID must be provided"

Cause: Neither access ID nor complete credentials were provided.

Solution:

// Option 1: Use Connect node
access_id = message.access_id

// Option 2: Provide all credentials
tenant_id = "your-tenant-id"
client_id = "your-client-id"
// Set Client Secret option from vault

"Insufficient privileges"

Cause: The application doesn't have permission to delete users.

Solution:

• Verify your Azure AD app has User.ReadWrite.All permission
• Ensure admin consent has been granted
• Check that it's an Application permission, not Delegated

Best Practices

1. Verification: Always verify the user exists and is correct before deletion
2. Disable first: Disable the account before deletion as a safety measure
3. Logging: Log all deletion operations with timestamps and user details
4. Error handling: Use Try-Catch blocks for graceful error handling
5. Audit trail: Maintain records of who was deleted and when
6. Group cleanup: Remove from groups before deletion to clean up dependencies
7. Data export: Export user data before deletion if needed for compliance
8. Throttling: Add delays when deleting multiple users
9. Confirmation: Implement confirmation steps for critical deletions
10. Recovery plan: Document the process to restore accidentally deleted users

Restoring Deleted Users

Deleted users can be restored within 30 days:

1. Go to Azure Portal > Azure Active Directory > Deleted users
2. Find the user in the list
3. Click "Restore user"

Or use Microsoft Graph API to restore programmatically.

Related Nodes

• Connect - Establish Azure AD connection
• Get User - Verify user before deletion
• Update User - Disable user instead of deleting
• Create User - Create new users
• List All Users - Find users to delete
• Delete User From Group - Remove from groups before deletion