Monday, November 16, 2015

Unable to delete newly created Active Directory in Azure

Problem

You’ve recently created a new Directory in Azure but noticed that you created it in the wrong Location. Since it is a new directory with no objects created, you decide to delete it, but quickly notice that you are unable to, with the following message presented:

Delete directory

Cannot delete ‘<Directory Name>’

The following issue(s) prevent deletion of this directory:

Directory contains one or more applications that were added by a user or administrator.


Solution

The reason a seemingly new directory cannot be deleted is that the creation process automatically creates applications that need to be manually deleted. The following KB outlines the process:

You can’t delete a directory through the Azure Management Portal
https://support.microsoft.com/en-us/kb/2967860

The cmdlet that the KB above suggests executing is:

Get-MsolServicePrincipal | Remove-MsolServicePrincipal

What I’ve noticed from most colleagues or clients who ask me about this is that they are unsure as to how to run this safely without accidentally deleting applications associated with directories and objects that are in their Azure account.

With this in mind, the correct method of deleting applications associated with the directory you want to delete is to log in as the global administrator of the subscription account that you used to create this directory, then create a new global admin within the directory itself:


Ensure that Global Admin is selected:


Continue to create the temporary password:


As this is a new account with a temporary password, you will need to log into the https://login.microsoftonline.com portal once to configure a password first; otherwise you won’t be able to log in via remote PowerShell:


Once the password has been set, proceed to launch the Windows Azure Active Directory Module for Windows PowerShell and execute the Connect-MsolService cmdlet, authenticate and execute Get-MsolServicePrincipal:


The list of applications displayed should be specific only to the directory you are attempting to delete, as you are logged into the account that was just created. Proceed to execute the cmdlet Get-MsolServicePrincipal | Remove-MsolServicePrincipal to delete the applications:


Note that there will be some applications that can’t be deleted, as shown in red; it is safe to ignore them.
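The tenant check described above can also be scripted so that nothing is removed unless the session is bound to the intended directory. This is an added example, not part of the original post or the KB; the domain in $ExpectedInitialDomain is a placeholder you replace with the onmicrosoft.com domain of the directory being deleted.

```powershell
# Added example: verify the connected tenant before removing any service principals.
# Placeholder value (assumption): the initial domain of the directory you intend to delete.
$ExpectedInitialDomain = 'example-directory.onmicrosoft.com'

Import-Module MSOnline
Connect-MsolService   # sign in as the global admin created inside the directory to be deleted

# Guard 1: the expected domain must belong to the connected tenant.
$company = Get-MsolCompanyInformation
$domains = @(Get-MsolDomain | Select-Object -ExpandProperty Name)
if ($domains -notcontains $ExpectedInitialDomain) {
    throw "Connected to '$($company.DisplayName)' ($($domains -join ', ')); '$ExpectedInitialDomain' is not one of its domains. Nothing was deleted."
}

# Guard 2: show exactly which objects would be removed.
$principals = @(Get-MsolServicePrincipal -All)
$principals | Sort-Object DisplayName |
    Format-Table DisplayName, AppPrincipalId, ObjectId -AutoSize | Out-Host

# Guard 3: require the domain to be typed back before anything is deleted.
$answer = Read-Host "Type '$ExpectedInitialDomain' to remove $($principals.Count) service principals from '$($company.DisplayName)'"
if ($answer -ne $ExpectedInitialDomain) {
    throw 'Confirmation did not match. Nothing was deleted.'
}

# Remove one at a time so the principals that cannot be deleted are
# collected in a table instead of scrolling past as red error text.
$failed = foreach ($sp in $principals) {
    try {
        Remove-MsolServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
    } catch {
        [pscustomobject]@{
            DisplayName = $sp.DisplayName
            Error       = $_.Exception.Message
        }
    }
}
$failed | Format-Table -AutoSize -Wrap | Out-Host
```

The final table lists the applications that could not be removed, which correspond to the errors shown in red when the one-line pipeline is used.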

With the applications deleted, continue by logging in as the global administrator subscription account used to create the directory, delete the account that was created and finally delete the directory:

Delete directory

Select the checkbox to delete ‘<Directory Name>’. This can take an hour or more.

Deleting ‘<Directory Name>’ cannot be reversed, and will delete all resources in the directory.


Hope this clarifies the process of safely removing an Azure hosted directory.
