If you have had the bad luck of eliminating the synchronization from your Active Directory without first removing the users or groups, you will have realized that it is not possible to eliminate them later from the Azure portal. This is the typical scenario that occurs in your test environment, where you can end up with remnants of previous synchronizations. In this article I’ll share the PowerShell script that you can use to remove both groups and users.
#Install AzureAD module Install-Module AzureAD #Connect to Azure AD Connect-AzureAD #Get Azure AD Users Get-AzureADUser #Remove Orphan Azure AD User Remove-AzureADUser -ObjectId USER_OBJECT_ID #Get Azure AD Groups Get-AzureADGroup #Remove Orphan Azure AD Group Remove-AzureADGroup -ObjectId GROUP_OBJECT_ID
As you can see, before performing any operation, you need to install the AzureAD module and connect to a user with sufficient privileges to view and delete objects. Finally, use the ObjectId of the element you want to remove from your directory. You can get this by viewing users with Get-AzureAD and groups with Get-AzureADGroup.
Leave a Reply
You must be logged in to post a comment.