Udostępnij za pośrednictwem


Walkthrough of Deleting an Azure AD Tenant

 

Hi All,

This is a quick walkthrough of deleting an Azure AD Tenant.  There are usually some cases when you cannot delete the tenant from the Azure Portal straight away, and I will walk you through a common scenario.

Usually, you navigate to the Portal, select your Azure Active Directory (AAD) tenant, and try to delete it using the taskpane “Delete” functionality:

clip_image002

But, many time, you will receive an error stating you cannot delete the tenant, because you have one or more applications that are still hanging around:

clip_image004

So, how do we rectify this?  Well, first step, you will need to create a new OrgID (Work or School account) in the directory you are trying to delete, to perform these next cleanup actions. The user you create should have Global Admin perms.  Below I will create the user “Delete Me”, in the target AAD tenant I’m attempting to delete:

clip_image006 clip_image008

You will need to copy the created user account’s temporary password, and then login and change this account’s password first, in order to continue:

clip_image010 clip_image012

Next, I recommend to open an Internet Explorer InPrivate session, and go to https://manage.windowsazure.com. Login with the created user account’s temporary password. You will be prompted to change the password, so go ahead and do so. Once that is done you will be redirected to a page which states you do not have any Azure subscriptions active:

clip_image014

At this juncture, you will need your friendly neighborhood PowerShell, with the Azure Active Directory (MSOnline) Module cmdlets installed.

If this is your first time installign them, then first install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW from the Microsoft Download Center. Then install the Azure Active Directory Module for Windows PowerShell (64-bit version), and click Run to run the installer package.

Open up your PowerShell Command Prompt, and/or Powershell_ISE IDE, and import the module.

You will need to connect to your tenant first, using the administrative user account (“Delete Me” in my case.) you created:
$msolcred = get-credential
connect-msolservice -credential $msolcred

You should now be able to list all the current application SPs in a directory:
Get-MsolServicePrincipal | Select DisplayName

Now, delete all non-required apps in the tenant directory. This should enable you so you can delete the AAD directory.
Get-MsolServicePrincipal | Remove-MsolServicePrincipal

Note: Once I completed this step, here’s what I have left when listing listing again all the current application SPs in the directory using Get-MsolServicePrincipal | Select DisplayName:

Microsoft.Azure.ActiveDirectory
Microsoft.Azure.ActiveDirectoryUX
Microsoft.Azure.GraphExplorer
Microsoft.Azure.Portal
Microsoft.Azure.GraphStore
Microsoft.Azure.SyncFabric

 

Now that you are done, you will have to delete your user in AAD first, before deleting the Directory, or you will get a message saying you cannot delete the directory, because you have one or more users. (Make sure all but the primary administrator of the AAD tenant has been removed):

clip_image016

Also, if you have AD Premium enabled, you also must remove your Premium subscription, or you will not be able to delete your Directory Tenant. The error you receive will state that your “Directory has one or more subscriptions to Microsoft Online Services.”

clip_image018

TO remove your Premium subscription, navigate to your Directory Tenants Licenses area and remove the Premium subscription.

clip_image020

You should now be able to delete your directory successfully.  

clip_image022

That’s it! Hopefully you found this walkthrough useful!

 

Best Regards,
Eric

Comments

  • Anonymous
    June 22, 2015
    Thanks.  This is the second (really annoying) time I've had to do this, referring to this saved link from the first time I needed to find an answer to this (time wasting) problem.

  • Anonymous
    October 10, 2015
    Hallelujah! What an incredible difficult way to do things. Subscription, Directory and account management is utterly frustrating to correct if you didn't start them right! Thanks for this.

  • Anonymous
    October 30, 2015
    THANK YOU!

  • Anonymous
    November 15, 2015
    The comment has been removed

  • Anonymous
    January 11, 2016
    thank you for your post. I don't why but i still be unable to delete the domain because of an app that do not remove. On the manage.windowsazure.com portal in the app section of my tenant, it appears as "Office 365 Management API". from the PowerShell, the cmdlet Get-MsolServicePrincipal | Select DisplayName list the above : DisplayName


Microsoft.Azure.ActiveDirectory Microsoft.Azure.ActiveDirectoryUX Microsoft.Azure.Portal Microsoft.Azure.GraphExplorer Microsoft.Office365Portal any Idea ? I need to remove this tenant from my subscription to recreate it to an other subscription... thank you.

  • Anonymous
    February 11, 2016
    Same problem here... Tried gthe following with no result support.microsoft.com/.../2967860 Using Powershell Login with the global admin of the tenant: Connect-MsolService Check which services are still active: Get-MsolServicePrincipal | Select DisplayName Remove the services (some of them will fail, no worries): Get-MsolServicePrincipal | Remove-MsolServicePrincipal

    • Anonymous
      January 31, 2017
      Bit late to reply but you have to go to the classic portal, open the directory, choose applications, then change it from 'Applications my company uses' to 'Applications my company owns'. Leave the search empty and click the tick. Then delete anything it fins. After that you can delete the directory. Thanks for the article I've been trying this for ages!
  • Anonymous
    June 12, 2016
    Not sure how to remove Intune or Premium, the remove button is not doing anything and I cannot remove the tenant, seems like you waste more time to remove stuff that you don't need and Microsoft support themselves need support

  • Anonymous
    October 03, 2016
    This doesnt work if you no longer have a subscriptions attached, you can't go back to the old portal https://manage.windowsazure.com/Error/NoSubscriptionsThe new portal doesnt have a Delete Button?

  • Anonymous
    October 17, 2016
    I use Get-MsolServicePrincipal | Remove-MsolServicePrincipaland lost access to http://manage.microsoft.comAzure Classic portal throw 400 error now for my account. Many thanks.

  • Anonymous
    November 09, 2016
    Awesome, quite the labyrinth, this Azure thing. Need to learn more about it. Thanks for your help!

  • Anonymous
    February 17, 2017
    AWESOME! Created a test AD to follow up on some Azure training and was stuck in deleting it. This did the trick!

  • Anonymous
    July 19, 2017
    Followed these instructions and cannot remove or "downgrade" my AD tenant to delete it. Something is missing here...[eric] This post is from 2015, so I would expect there have been API changes for tenant deletions with some of the new features pushed forth. Kenneth has written a great update blog post for you to reference here: https://blogs.msdn.microsoft.com/kennethteo/2017/09/19/deleting-azure-ad-tenant/