Azure Management group does not have any valid subscriptions

In an attempt to view the cost analysis at the Management group level, I am receiving the following error message:
Management group LandingZone does not have any valid subscriptions. (Request ID: 3867f325-14c1-4181-bc25-0299516c0b25)
It has the following subscriptions

Probably you have 2 directories: directory A and directory B.
You can check that if you go into your account and you have Switch Directory:
The billing of all the subscriptions in directory A is redirected into directory B or the other way around.
EDIT: In this case what you need to do is to go to Cost Management, create a view with all the subscriptions that are in the directory A and a view with all the subscriptions in the directory B and save.
Use that to see the totals


What's an Account in the updated MS Azure organizational structure?

Two years ago I had a training on MS Azure Fundamentals. Back in those days the Azure organizational structure was:
Account -> subscription (+Directory) -> resource group -> resource
Now I am about to refresh my knowledge and see that this was changed to
Management Group -> management group / Subscription (+ Directory) -> resource group -> resource
Was it just renamed or do I have a misleading picture of an "account" in my mind thinking that this is an encapsulating entity where I can do some major/general configuration.
What I find searching the web for information on that topic never gives a holistic overview on the interchange between all those elements:
User Account
Directory (same as AAD)
Tenant
Subscription
Did I forget something on the first levels?
Yes you are on the right track please check the below Architectural structure

Delete Azure Active Directory (AAD) & Associated Portal

I recently started looking at my Azure Subscription again. A long time ago, I was playing with Azure Active Directory...and created 2 of them.
Let's just call them...
AAA Directory
BBB Directory
Apparently, Azure creates a completely separate 'portal' alongside each manually created 'active directory'. I wanted to delete them...so I went to DELETE & followed the instructions
I deleted all groups
I deleted all application registrations
I deleted all users
I have no subscriptions...but somehow...it 'thinks' I do...and shows "Delete all license-based subscriptions"
Choosing the "Delete all license-based subscriptions" link brings you to a page that says you need to go to the 'Azure Admin Center'...
Clicking DELETE in the 'Azure Admin Center' dashboard shows the "You can't delete the last dashboard" error message
I feel like I am going in circles.
How do I delete each of the manually created Azure AD's entirely?
How do I delete any associated portals to the manually created AD's entirely?
How do I get the manually created AD Portal's 'directories' to stop listing in my subscription tab?
UPDATE:
I have noticed the following message:
"We have detected that your current user account is external to this tenant. Please sign-out and login with Global Admin credentials using the initial default domain name such as user@contoso.onmicrosoft.com."
But my Microsoft Account lists as being a Global Admin

How to know the origin resource group of a App Service Plan?

I have an Azure App Service Plan and a Web App. I want to move them to another subscription. There is a limitation that app service plan and app service must be moved together from the origin resource group of the app service plan. Someone had moved the resources from their origin resource group and deleted the resource group. Now, how can I find the name of the origin resource group?
In some cases it can be found in the WebSpace property of app service plan. For example [ "webSpace": "RG-SK-MarkIII-CentralUSwebspace" ], RG-SK-MarkIII is the origin resource group of the app plan. But in my case the webSpace is like this ["webSpace": "AustraliaEastwebspace" ]. Is there any other way to find it through CloudShell?
You can look up the actions taken by a particular user, even for a resource group that no longer exists.
az monitor activity-log list -g ExampleGroup --caller someone@contoso.com --offset 5d
Kindly try these steps:
If you don't remember the original resource group, you can find it through diagnostics.
For your web app, select Diagnose and solve problems.
Then, select Configuration and Management.
Select Migration Options.
Select the option for recommended steps to move the web app.
You see the recommended actions to take before moving the resources. The information includes the original resource group for the web app.
- I understand you're referring to RG deletion scenario, kindly try this and let me know how it goes.
Reference document move across subscription.
Furthermore, you can only change to a plan that was created in the same "webspace" as your original app. Webspace is an internal concept that's not exposed, but you can verify whether your source and destination plans are in the same webspace or not.
To verify, do the following:
https://resources.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/serverfarms/{serverFarmName}
Confirm whether the webSpace property of your source plan matches the webSpace property of your new plan

How do I delete Azure Databricks resource group?

I tried following the Quickstart: Run a Spark job on Azure Databricks using the Azure portal as described at: https://learn.microsoft.com/en-us/azure/azure-databricks/quickstart-create-databricks-workspace-portal
But when I later try to delete resource group for that databricks resource I got the following two errors:
Delete resource group databricks-rg-mydatabricksws-5mlo3dio7wef2
failed The resource group databricks-rg-mydatabricksws-5mlo3dio7wef2
is locked and can't be deleted. Click here to manage locks for this
resource group.
UnauthorizedApplicationId "The management lock ... is owned by system
application"
See: https://aka.ms/arm-lock
Lock Deletion Failure The lock named mydatabricksws was unable to be
deleted for the following reasons: {"errorThrown":"Unavailable in
batch","jqXHR":{"responseJSON":{"error":{"code":"UnauthorizedApplicationId","message":"The
management lock 'mydatabricksws' is owned by system application(s)
'd9327919-6775-4843-9037-3fb0fb0473cb'.
I also encountered the same problem before. I get the answer from this link.
Log into your Azure Databricks workspace as the account owner (the user who created the service), and click the user profile Account icon at the top right.
Select Manage Account.
In the Azure Databricks service, click Azure Delete and then OK.
You also could get the Azure Databricks code demo from this document.

Azure Data Lake Service Principal write w/ Data Factory

I have created a Service Principal, and set up the necessary linked services to utilise the credentials and secret key etc in ADF, here is a run down of how this is done:
https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-authenticate-using-active-directory
When I execute my pipeline, and the files are written to the ADL, I can see the top level folder (I am logged in as the creator of the ADL service, and am also a contributor on the Resource Group), but I am absolutely unable to drill down any further.
The error I receive basically boils down to an ACL error.
Interestingly, I also note that the Execution Location is listed as: East US 2 when using the service principal.
When I manually authenticate the ADL connection in Data Factory (with my own credentials), everything works absolutely fine, and the 'execution location' is now listed, correctly, as North Europe.
Has anyone ever seen this?
Helpful Reading: https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control
The problem that you are running into is like an ACL issue as you mentioned. By just having contributor access, you only have access and permission on the Management Plane and not the Data Plane of the account.
Here is the mental model for thinking about ACLs
If you need to be able to read a file, you need r-x access on that file, and --x permissions on the parent folder all the way up to root.
If you create a new folder, and you create a Default ACL entry for yourself, it will apply to all new files and folders created below it.
To address your issue, please ask a Super User (someone from the Owners group) to give you this access.
Alternatively if you are an owner, you will have RWX access to any files/folder independent of any ACLs.
This should solve your problem.
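The mental model in the answer above, as an added example that is not part of the original answer or of any Azure SDK: a small checker that walks from root to the target and reports the first missing permission, plus Default ACL inheritance. The principal names (`adf-sp`, `alice`), the paths, the rule that the creator gets rwx, and the omission of groups and masks are assumptions made for illustration.

```python
from posixpath import dirname

def parents(path):
    """Folders from root down to the immediate parent of path."""
    chain, p = [], dirname(path)
    while p != "/":
        chain.append(p)
        p = dirname(p)
    return ["/"] + chain[::-1]

def has(acls, path, who, needed):
    """True if who's entry on path grants every bit set in needed, e.g. 'r-x'."""
    granted = acls.get(path, {}).get(who, "---")
    return all(n == "-" or n == g for n, g in zip(needed, granted))

def can_read(acls, path, who, super_users=()):
    """Return (allowed, reason), checking root -> target as the answer describes."""
    if who in super_users:
        return True, "super user: ACLs are not evaluated"
    for folder in parents(path):
        if not has(acls, folder, who, "--x"):
            return False, "missing --x on " + folder
    if not has(acls, path, who, "r-x"):
        return False, "missing r-x on " + path
    return True, "ok"

def create(acls, defaults, path, creator):
    """New item: creator gets rwx (assumption) plus the parent's Default ACL
    entries; the Default ACL is also passed on so deeper items inherit it."""
    parent = dirname(path)
    acls[path] = {creator: "rwx", **defaults.get(parent, {})}
    defaults[path] = dict(defaults.get(parent, {}))

# Constructed scenario: a service principal writes the files; alice is only a
# Contributor (management plane) and has a data-plane entry on root alone.
acls = {"/": {"adf-sp": "rwx", "alice": "r-x"}}
defaults = {}
create(acls, defaults, "/out", "adf-sp")
create(acls, defaults, "/out/part-0.csv", "adf-sp")
before = can_read(acls, "/out/part-0.csv", "alice")

# With a Default ACL entry set on the folder first, new children inherit it.
create(acls, defaults, "/out2", "adf-sp")
acls["/out2"]["alice"] = "r-x"
defaults["/out2"] = {"alice": "r-x"}
create(acls, defaults, "/out2/part-0.csv", "adf-sp")
after = can_read(acls, "/out2/part-0.csv", "alice")
```

`before` reproduces the symptom in the question (the top-level folder is visible, nothing below it is), while `after` shows the same write succeeding for the reader once the Default ACL exists before the files are created.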
