The other day I was deleting Azure Active Directory directories that I was no longer using. However, one of them resisted. In this article I am going to tell you how I managed to solve it, in case it happens to you too.

The problem

When you want to delete a directory, you can do it from Azure Active Directory > Delete directory. When you click this button, the portal always checks whether anything is still linked to that directory that has to be removed first.

In my case, the problem came from enterprise applications. If you click on the Delete all Enterprise applications link, you will see all the ones you need to delete before proceeding (or so it seems). In my case, I had one of my Azure DevOps accounts associated.

However, when I tried to delete it, I saw that the Delete button was disabled.

Solution 1

The way to solve it is through PowerShell. If you are in the same situation as I was, use the following script:

#Install AzureAD module
Install-Module -Name AzureAD

#Connect to Azure AD as Global Administrator
Connect-AzureAD

#Delete your applications
Get-AzureADServicePrincipal | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.ObjectId }

It is very simple: I install the AzureAD module if I don’t already have it, connect to the tenant that I want to delete (the account must have the Global Administrator role) and delete all the apps. The command will give some errors because it also tries to remove some internal applications, but it will delete all of yours.

If you go back to the portal, the application should have disappeared, and if you try to delete the directory again, everything should be OK.
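Because the one-liner above removes every service principal in whichever tenant the session is bound to, a more guarded variant is useful. The following is an added example, not the author's script: it shows the tenant before deleting, saves an inventory, and lists the principals that could not be removed. The CSV file name and the typed confirmation are choices made for this example.

```powershell
# Added example. Assumes the AzureAD module is installed and that you
# sign in with a Global Administrator account of the tenant to delete.
Connect-AzureAD | Out-Null

# Show which tenant this session is bound to before removing anything.
$session = Get-AzureADCurrentSessionInfo
$tenant  = Get-AzureADTenantDetail
Write-Host "Signed in as $($session.Account) to '$($tenant.DisplayName)' ($($session.TenantId))"

# -All $true pages through every service principal, not just the first page.
$principals = @(Get-AzureADServicePrincipal -All $true)

# Keep a record of what existed before deletion (file name is arbitrary).
$principals |
    Select-Object ObjectId, AppId, DisplayName, ServicePrincipalType |
    Export-Csv -Path .\service-principals-before-delete.csv -NoTypeInformation

# Require the tenant ID to be typed back, so a session that is connected
# to the wrong tenant stops here instead of deleting its applications.
$answer = Read-Host "Type the tenant ID to remove $($principals.Count) service principals"

if ($answer -eq $session.TenantId.ToString()) {
    $failed = @(foreach ($sp in $principals) {
        try {
            Remove-AzureADServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
        }
        catch {
            # Internal Microsoft applications are expected to end up here.
            [pscustomobject]@{
                DisplayName = $sp.DisplayName
                ObjectId    = $sp.ObjectId
                Error       = $_.Exception.Message
            }
        }
    })

    Write-Host "Removed $($principals.Count - $failed.Count), could not remove $($failed.Count):"
    $failed | Format-Table DisplayName, ObjectId -AutoSize
}
else {
    Write-Warning 'Tenant ID does not match. Nothing was removed.'
}
```

Anything left in the failure table that is not a built-in Microsoft application is a candidate for the MSOnline route.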

Solution 2

If you still cannot delete it for the same reason after running the above commands, try running the following script as well. It uses the MSOnline module (version 1 of the Azure AD PowerShell module).

#Install MSOnline module
Install-Module MSOnline

#Import MSOnline module
Import-Module MSOnline

#Connect to your Azure Active Directory
Connect-MsolService

#You can verify that you're in the right tenant
Get-MsolDomain

#Get all service principals and remove them
Get-MsolServicePrincipal | Remove-MsolServicePrincipal

This can happen if you have older applications in your tenant, which you can only delete with version 1. As in the previous script, these commands may give errors when trying to remove internal applications, but your own applications are deleted in the process.