Problem
You’ve recently created a new Directory in Azure but noticed that you created it in the wrong Location. Since it is a new directory with no objects created, you decide to delete it, but quickly notice that you are unable to, with the following message presented:
Delete directory
Cannot delete ‘<Directory Name>’
The following issue(s) prevent deletion of this directory:
Directory contains one or more applications that were added by a user or administrator.
Solution
The reason a seemingly new directory cannot be deleted is that the creation process automatically creates applications that need to be manually deleted. The following KB outlines the process:
You can’t delete a directory through the Azure Management Portal
https://support.microsoft.com/en-us/kb/2967860
The cmdlet that the KB above suggests executing is:
Get-MsolServicePrincipal | Remove-MsolServicePrincipal
What I’ve noticed from most colleagues or clients who ask me about this is that they are unsure as to how to run this safely without accidentally deleting applications associated with directories and objects that are in their Azure account.
With this in mind, the correct method of deleting applications associated with the directory you want to delete is to log in with the global administrator of your subscription account that you used to create this directory and create a new global admin for this directory itself:
Ensure that Global Admin is selected:
Continue to create the temporary password:
As this is a new account with a temporary password, you will need to log into the https://login.microsoftonline.com portal once to configure a password first, otherwise you won’t be able to log in via remote PowerShell:
Once the password has been set, proceed to launch the Windows Azure Active Directory Module for Windows PowerShell and execute the Connect-MsolService cmdlet, authenticate and execute Get-MsolServicePrincipal:
The list of applications displayed should be specific only to the directory you are attempting to delete, as you are logged into the account that was just created. Proceed to execute the cmdlet Get-MsolServicePrincipal | Remove-MsolServicePrincipal to delete the applications:
Note that some applications can’t be deleted, as shown in red; it is safe to ignore them.
With the applications deleted, continue by logging in as the global administrator subscription account used to create the directory, delete the account that was created and finally delete the directory:
Delete directory
Select the checkbox to delete ‘<Directory Name>’. This can take an hour or more.
Deleting ‘<Directory Name>’ cannot be reversed, and will delete all resources in the directory.
Hope this clarifies the process of safely removing an Azure hosted directory.