I recently started looking at my Azure Subscription again. A long time ago, I was playing with Azure Active Directory...and created 2 of them.
Let's just call them...
AAA Directory
BBB Directory
Apparently, Azure creates a completely separate 'portal' alongside each manually created 'active directory'. I wanted to delete them...so I went to DELETE & followed the instructions
I deleted all groups
I deleted all application registrations
I deleted all users
I have no subscriptions...but somehow...it 'thinks' I do...and shows "Delete all license-based subscriptions"
Choosing the "Delete all license-based subscriptions" link brings you to a page that says you need to go to the 'Azure Admin Center'...
Clicking DELETE in the 'Azure Admin Center' dashboard shows the "You can't delete the last dashboard" error message
I feel like I am going in circles.
How do I delete each of the manually created Azure ADs entirely?
How do I delete any associated portals to the manually created ADs entirely?
How do I get the manually created AD portals' 'directories' to stop listing in my subscription tab?
UPDATE:
I have noticed the following message:
"We have detected that your current user account is external to this tenant. Please sign-out and login with Global Admin credentials using the initial default domain name such as user@contoso.onmicrosoft.com."
But my Microsoft Account lists as being a Global Admin
I have upgraded my subscription from "Azure for Students" to "Pay As You Go", but when I try to create a workspace using a local Jupyter notebook server I get a user error which says: You are currently logged-in to ... tenant you don't have access to .... subscription, please check if it is in this tenant. I was able to create my workspace using the Azure portal, but I want to create my workspace using a local Jupyter notebook server. How do I fix that error?
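I had the same issue and found out that Azure ML was using my default tenant. I had to specify the tenant ID I want to use.
from azureml.core import Workspace
from azureml.core.authentication import InteractiveLoginAuthentication

# Authenticate against an explicit tenant instead of the account's default tenant
interactive_auth = InteractiveLoginAuthentication(tenant_id="my-tenant-id")
# The subscription must belong to the tenant named above
ws = Workspace(subscription_id="my-subscription-id",
               resource_group="my-resource-group",
               workspace_name="my-workspace",
               auth=interactive_auth)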
This issue usually occurs if you selected the wrong directory, or your account doesn't have sufficient permissions. To fix this issue, first ensure that you have selected the correct directory and have your resources in that directory by clicking your account at the top right.
If you still see that message, make sure that you have the Owner role assigned to your account by going to All Services > Subscriptions > your subscription that you want access to > Access control (IAM) > Role assignments > Add > Add role assignment.
Refer to the guide for reference.
How do I create a new user that can login to my Azure VM as an administrator? My top google search result mentions Active Directory. This particular machine is not on a domain. I tried creating the user under computer management and I get an unknown error and there is nothing helpful in the Event Viewer.
I also tried adding a user from the Azure Portal under Access Control for my VM instance and see a message that reads "No Virtual Machines In This Subscription Can Be Assigned Access".
Creating a user under the computer management worked for me
I just did it by logging in to the VM where I wanted the other account:
NB: these instructions are for Win Server 2012 R2 based VMs
login to the VM by using an existing admin account
Hit start and type "create an account"
click on Add a user account
Enter username & password (password should meet the complexity requirements)
Hit next and you will see a message stating the user has been created
if required, the account type can be changed to admin
Hit search and type Change Account Type
choose the account
select administrator or standard
hit change account type
and you are done :)
I'm trying to delete an Active Directory (not default) in Azure. It said I need to Delete all App registrations. When I click on the link, there is no registered app.
Interestingly, the dashboard said I have 1 app registered. When I click on the link, there is no app either.
I faced a similar situation today and got to this post.
I found the solution accidentally by following one of the MSDN articles.
This article is about adding a new application, and that's how I got to understand how to find all registered applications.
Basically, this happened because there are two places where application registrations are shown.
One
Under "Azure Active Directory" -> "App Registrations".
Second
Under left navigation -> "All Services" -> Search for "Azure AD B2C" -> click on it -> Open.
Then you will be able to see "Applications".
Here all your applications which are using your Azure B2C instance are listed. You will have to delete them.
Once they are deleted, you can again go to the "Delete Directory" option and all your checks / prerequisites should be successful.
This helped me to resolve the exact same issue, and I hope it helps you too.
You may also have to remove additional service principals. Use Azure Active Directory Module for Windows PowerShell to remove all service principals. To do this, follow these steps:
Open Azure Active Directory Module for Windows PowerShell.
Connect to the Microsoft Online Service.
Run the following command:
Get-MsolServicePrincipal | Remove-MsolServicePrincipal
Note: You may receive an error when you remove some service principals. These principals can’t be removed. However, this does not prevent you from deleting your directory.
The error that you receive may resemble the following:
Remove-MsolServicePrincipal : Invalid value for parameter. Parameter Name: appPrincipalId.
Also, you can use ARM PowerShell with the following command:
Get-AzureRmADServicePrincipal | Remove-AzureRmADServicePrincipal
Please let me know if it helps!
First, connect to the tenant:
Connect-AzureAD -TenantId <string>
To learn the application's object ID:
Get-AzureADApplication
Then remove it:
Remove-AzureADApplication -ObjectId <string>
How to remove an orphaned Application in an Azure Directory?
I have a second (non-Default) directory that I was using to test the AD Connect app, and having finished with it, want to delete.
I have been able to remove the users both with the Management Portal and remove-msoluser, but am unable to delete the directory as it has one Application registered - "Office 365 Management APIs"
In the management console, this Application looks a little weird - there are no options to do anything on its dashboard and just checking, this Application is also installed in my Default Directory and looks the same - maybe it cannot be removed?
Have tried removing the App using the Remove-msolservice cmdlet, and tried the whole-hog approach as per Method 5 in https://support.microsoft.com/en-au/kb/2967860/en-us - seems to run through ok, but the Application is still listed, and when deleting the Directory I still get the error -
Directory has one or more applications that were added by a user or administrator
I had the same problem. When I performed the steps below, I could delete the Azure Active Directory tenant:
Log in to Azure and create a new user with Global Admin permissions in the AAD you're trying to delete.
Open the Azure Active Directory Module for Windows PowerShell and execute the following:
Connect-MsolService (Log in with the @onmicrosoft global admin account you created)
Get-MsolServicePrincipal | Remove-MsolServicePrincipal (This will generate errors but it's ok)
Log in to https://manage.windowsazure.com as the service admin
Delete the already created @onmicrosoft.com Global Admin user
Delete the AAD now
You can check the sites below as well:
http://blogs.msdn.com/b/dstfs/archive/2015/05/27/trouble-deleting-azure-active-directory-aad-due-to-quot-visual-studio-online-quot-item-in-aad-quot-applications-quot-list.aspx
or here:
https://www.opsgility.com/blog/deleting-azure-ad-applications
You must run the following cmdlets after running the remove cmdlets:
Get-MsolServicePrincipal | Set-MsolServicePrincipal -AccountEnabled $False
then delete the temporary global admin account (if any) and you should be able to delete the directory.
More information about this issue: https://support.microsoft.com/en-us/kb/3112170
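The remove-then-disable sequence from the answers above, as an added example (not code from any of the posters or from Microsoft). It assumes the MSOnline module is installed; `$ExpectedTenantId` is a hypothetical parameter that makes the script stop if the session is connected to a directory other than the one being deleted, such as the default directory.

```powershell
# Added example: guarded service principal cleanup before deleting a test tenant.
param(
    # Object ID (GUID) of the tenant you intend to delete. Hypothetical parameter; supply your own value.
    [Parameter(Mandatory = $true)]
    [Guid]$ExpectedTenantId
)

# Sign in with the temporary Global Admin account created inside that tenant.
Connect-MsolService

# Guard: refuse to continue if the session is bound to a different tenant,
# for example the default directory that has to be kept.
$company = Get-MsolCompanyInformation
if ($company.ObjectId -ne $ExpectedTenantId) {
    throw "Connected to '$($company.DisplayName)' ($($company.ObjectId)), not $ExpectedTenantId. Aborting."
}

$removed = @(); $disabled = @(); $stuck = @()

foreach ($sp in Get-MsolServicePrincipal -All) {
    try {
        Remove-MsolServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
        $removed += $sp.DisplayName
    }
    catch {
        # Some principals cannot be removed (the appPrincipalId error quoted above);
        # disable those instead, as the later answer recommends.
        try {
            Set-MsolServicePrincipal -ObjectId $sp.ObjectId -AccountEnabled $false -ErrorAction Stop
            $disabled += $sp.DisplayName
        }
        catch {
            $stuck += "$($sp.DisplayName): $($_.Exception.Message)"
        }
    }
}

# Summary to review before attempting "Delete directory" in the portal.
"Removed : $($removed.Count)"
"Disabled: $($disabled.Count)"
if ($stuck) { "Could not remove or disable:"; $stuck }
```

The MSOnline module used throughout this page has been deprecated by Microsoft in favour of Microsoft Graph PowerShell.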
This article helped me delete the Azure AD I created with the old Windows Azure Portal (manage.windowsazure.com):
https://blogs.msdn.microsoft.com/ericgolpe/2015/04/30/walkthrough-of-deleting-an-azure-ad-tenant/
In a nutshell:
Create a new user under the AD you intend to delete.
User must have Global Admin role.
You will get a temporary password for this user. Once you log in to the Azure Portal with this user, you will need to create a permanent password.
Using this credential, you will remove the Azure AD's applications using Azure AD PowerShell
Then, go back to Azure AD you intend to delete (using your credential, not the newly created user), delete the user you just created.
Only after doing all these will you be able to delete the Azure AD.
When I try to create a new Azure Redis Cache and choose a location I just get a "There are no locations available." message. Setting everything else first still results in the same error. Refreshing the page doesn't resolve the issue. The problem occurs in both IE and Chrome.
Thanks for reporting this. It seems to be a bug in the portal. I can reproduce it if I click "Location" immediately after the "New Redis Cache" blade opens. However, if I wait a few seconds before clicking "Location", it doesn't repro.
As a workaround, if you close and reopen the "Location" blade it should populate correctly.
We will also work on fixing this in the portal.
Finally, for any issues with Azure Redis Cache you can contact us via email at azurecache@microsoft.com.
After working with the Azure team via email we were able to narrow down the problem and find a workaround.
There are 3 problems at work here that result in my symptoms:
The various New blades in the portal will default you to a disabled subscription. I believe they currently default to the first subscription (oldest) which may not be an active subscription. This results in the default behavior upon choosing a blade to be that of no-subscription.
The New Redis Cache blade will only show locations if you have selected a valid (not disabled) subscription. This behavior differs from the other New blades (such as Create VM) which will show you locations even if you have a disabled subscription selected.
Changing the resource group will automatically change the subscription and lock it, but changing the subscription in this way will not trigger an update to the blade. This means that the locations don't get updated for the new subscription because the subscription-changed-event (made up name) was not fired. In my case, I was always changing the subscription by way of changing the resource group, so I was never able to set the location.
The workaround:
Simply change to an active subscription before choosing a resource group. This will cause the locations list to be updated, and you can then choose a resource group after.