This is a scenario where, the user was deleted from Azure AD months ago but the OneDrive secondary site collection administrator permission assignments (OneDrive secondary admin) were intact as a thumbprints. This target account supposed to be a service account utilized during a file server migration project and apparently assigned with OneDrive secondary site collection admin permission across all users in the tenancy.
The generic SharePoint Online commands did not do the job because “The user account does not exists in the AD” hence the identity validation fails at the first place. The OneDrive admin UI will do the job for a single OneDrive account but doesn’t help much in bulk operation scenarios like the one I dealt with.
Workaround: To remove this I used SharePoint PnP PowerShell command which was the only way around it.
Add yourself first in to one of the site collections (OneDrive accounts) before running the command so that you can verify the status ‘before’ and the result ‘after’.
For a single site collection (OneDrive Personal site in this case), run PowerShell as admin and execute these lines after customizing with your tenant, URL and user details. For this case, we will be using ‘Span ID’ to point to the abandoned account which usually goes as follows i:0#.f|membership|service.svc@tenant.onmicrosoft.com
#Config Variables - Customize this to match yours $SiteURL = "https://mantoso-my.sharepoint.com/personal/manoj_karunarathne_mantoso_com" $UserID="i:0#.f|membership|account@tenant.onmicrosoft.com" #Connect to PnP Online Service MFA Connect-PnPOnline -Url $SiteURL -UseWebLogin #sharepoint online powershell delete user from site collection Remove-PnPUser -Identity $UserID -Force
If your result is similar to below, the command has done its job ! now go check that permission box and you should not see that account anymore.
Microsoft Cloud Infrastructure Technical Journal 