Unable to remove Azure Active-Directory due to existing Application - azure

How to remove an orphaned Application in an Azure Directory?
I have a second (non-Default) directory that I was using to test the AD Connect app, and having finished with it, want to delete.
I have been able to remove the users both with the Management Portal and remove-msoluser, but am unable to delete the directory as it has one Application registered - "Office 365 Management APIs"
In the management console, this Application looks a little weird - there are no options to do anything on its dashboard and just checking, this Application is also installed in my Default Directory and looks the same - maybe it cannot be removed?
Have tried removing the App using the Remove-msolservice cmdlet, and tried the whole-hog approach as per Method 5 in https://support.microsoft.com/en-au/kb/2967860/en-us - seems to run through ok, but the Application is still listed, and when deleting the Directory I still get the error -
Directory has one or more applications that were added by a user or administrator

I had the same problem. When I performed the steps below, I could delete the Azure Active Directory tenant:
Log in to Azure and create a new user with Global Admin permissions in the AAD you're trying to delete.
Open the Azure Active Directory Module for Windows PowerShell and execute the following:
Connect-MsolService (Log in with #onmicrosoft global admin account you created)
Get-MsolServicePrincipal | Remove-MsolServicePrincipal (This will generate errors but it's ok)
Log in to https://manage.windowsazure.com as the service admin
Delete already created #onmicrosoft.com Global Admin user
Delete the AAD now
You can check the sites below as well:
http://blogs.msdn.com/b/dstfs/archive/2015/05/27/trouble-deleting-azure-active-directory-aad-due-to-quot-visual-studio-online-quot-item-in-aad-quot-applications-quot-list.aspx
or here:
https://www.opsgility.com/blog/deleting-azure-ad-applications

You must run the following cmdlets after running the remove cmdlets:
Get-MsolServicePrincipal | Set-MsolServicePrincipal -AccountEnabled $False
then delete the temporary global admin account (if any) and you should be able to delete the directory.
More information about this issue: https://support.microsoft.com/en-us/kb/3112170
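The remove-then-disable sequence from the two answers above, written as a guarded script. This is an added example, not code from the original posts. It assumes the MSOnline module the answers use is available, and `$ExpectedDomain` is a constructed placeholder for the initial domain of the directory being deleted. The guard matters because the bare pipeline acts on whichever tenant the session is connected to.

```powershell
# Added example: guarded clean-up of service principals in a throw-away tenant.
# $ExpectedDomain is a constructed placeholder; set it to the initial domain
# of the directory you intend to delete.
$ExpectedDomain = 'contoso-test.onmicrosoft.com'

# Sign in as the temporary Global Admin created inside that directory.
Connect-MsolService

# Refuse to continue if the session is bound to a different tenant.
$company = Get-MsolCompanyInformation
if ($company.InitialDomain -ne $ExpectedDomain) {
    throw "Connected to '$($company.InitialDomain)', expected '$ExpectedDomain'. Aborting."
}

# Try to remove each service principal; where removal is refused,
# fall back to disabling it, and record the outcome either way.
$results = foreach ($sp in Get-MsolServicePrincipal -All) {
    $outcome = 'Removed'
    try {
        Remove-MsolServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
    }
    catch {
        try {
            Set-MsolServicePrincipal -ObjectId $sp.ObjectId -AccountEnabled $false -ErrorAction Stop
            $outcome = 'Disabled'
        }
        catch {
            $outcome = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        DisplayName    = $sp.DisplayName
        AppPrincipalId = $sp.AppPrincipalId
        Outcome        = $outcome
    }
}

# One line per principal, so anything left behind is visible before the
# directory delete is retried.
$results | Sort-Object Outcome, DisplayName | Format-Table -AutoSize
```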

This article helped me delete the Azure AD I created with the old Windows Azure Portal (manage.windowsazure.com):
https://blogs.msdn.microsoft.com/ericgolpe/2015/04/30/walkthrough-of-deleting-an-azure-ad-tenant/
In a nutshell:
Create a new user under the AD you intend to delete.
User must have Global Admin role.
You will get a temporary password for this user. Once you log in to the Azure Portal with this user, you will need to create a permanent password.
Using this credential, you will remove the Azure AD's applications using Azure AD PowerShell.
Then, go back to Azure AD you intend to delete (using your credential, not the newly created user), delete the user you just created.
Only after doing all these will you be able to delete the Azure AD.

Related

Azure Automation: Run PowerShell after AD user added

I'm reviewing Azure Automation, but I couldn't find out if it is possible to run a PowerShell script whenever a new user is added to Active Directory? The scenario I'm researching is whenever a new Office365 account is added through admin.microsoft.com then I want to configure some email preferences for this user. I have my PowerShell script tested already (so these preferences should be set correctly), but now I'm trying to find out how exactly this script should be executed right after account is added.
Thanks,
You can inspect the Azure AD Audit logs for new user creation. You can export the Diagnostic Settings (logs) to Azure Monitor (see doc).
The following is an idea but I never tried it myself:
In Azure Monitor -> Logs you can find for example this query:
Modify it according to your needs and create an alert rule. In the alert rule, you can set up an action group that triggers your automation account with the PowerShell script.

Delete Azure Active Directory (AAD) & Associated Portal

I recently started looking at my Azure Subscription again. A long time ago, I was playing with Azure Active Directory...and created 2 of them.
Let's just call them...
AAA Directory
BBB Directory
Apparently, Azure creates a completely separate 'portal' alongside each manually created 'active directory'. I wanted to delete them...so I went to DELETE & followed the instructions
I deleted all groups
I deleted all application registrations
I deleted all users
I have no subscriptions...but somehow...it 'thinks' I do...and shows "Delete all license-based subscriptions"
Choosing the "Delete all license-based subscriptions" link brings you to a page that says you need to go to the 'Azure Admin Center'...
Clicking DELETE in the 'Azure Admin Center' dashboard shows the "You can't delete the last dashboard" error message
I feel like I am going in circles.
How do I delete each of the manually created Azure AD's entirely?
How do I delete any associated portals to the manually created AD's entirely?
How do I get the manually created AD Portal's 'directories' to stop listing in my subscription tab?
UPDATE:
I have noticed the following message:
"We have detected that your current user account is external to this tenant. Please sign-out and login with Global Admin credentials using the initial default domain name such as user@contoso.onmicrosoft.com."
But my Microsoft Account lists as being a Global Admin

#Azure tenant problem in local jupyter notebook server

I have upgraded my subscription from "Azure for Students" to "Pay-As-You-Go", but when I try to create a workspace using a local Jupyter notebook server I get a user error which says: You are currently logged-in to ... tenant you don't have access to .... subscription, please check if it is in this tenant. I was able to create my workspace using the Azure portal, but I want to create it using the local Jupyter notebook server. How do I fix that error?
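I had the same issue and found out that Azure ML was using my default tenant. I had to specify the tenant ID I wanted to use.
from azureml.core import Workspace
from azureml.core.authentication import InteractiveLoginAuthentication

# Authenticate against an explicit tenant instead of the account's default one
interactive_auth = InteractiveLoginAuthentication(tenant_id="my-tenant-id")
# Pass the tenant-bound credential when opening the workspace
ws = Workspace(subscription_id="my-subscription-id",
               resource_group="my-resource-group",
               workspace_name="my-workspace",
               auth=interactive_auth)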
This issue usually occurs if you selected the wrong directory, or your account doesn't have sufficient permissions. To fix this issue, first ensure that you have selected the correct directory and have your resources in that directory by clicking your account at the top right.
If you still see that message, make sure that you have the Owner role assigned to your account by going to All Services > Subscriptions > your subscription that you want access to > Access control (IAM) > Role assignments > Add > Add role assignment.
Refer to the guide for reference.

How to select user in Task Scheduler on Azure AD joined device

How to select an Azure AD user account on an Azure AD joined device?
I've just run into this problem and solved it using these steps:
Create your task as normal in Task Scheduler. In security options select any local user.
Export the task into an xml file
Delete the task from Task Scheduler
Open cmd line and run whoami /user - if you want to run the task as a different user to the currently logged in one, you'll have to adjust this accordingly
Open the exported task xml file, modify the <Principals> section:
<Principals>
<Principal id="Author">
<UserId>PUT THE USER ID HERE</UserId>
...
Save the edited xml file. Import it into Task Scheduler
Task Scheduler will display AzureAD\Username even though you aren't able to choose AzureAD when selecting locations.
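The export, edit and re-import steps above as a script. This is an added example, not part of the original answer. The task name `ExampleTask` and the backup path are placeholders, and it assumes the task lives in the root folder and runs with the interactive token of the signed-in user, so no password is supplied. It overwrites the task with `-Force` rather than deleting it first.

```powershell
# Added example. 'ExampleTask' and the backup path are placeholders.
$TaskName   = 'ExampleTask'
$BackupPath = Join-Path $env:TEMP "$TaskName.backup.xml"

# Export the task definition and keep an untouched copy before editing.
$raw = Export-ScheduledTask -TaskName $TaskName
Set-Content -Path $BackupPath -Value $raw -Encoding Unicode

# Task XML uses a default namespace, so XPath needs a prefix mapping.
$xml = [xml]$raw
$ns  = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
$ns.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')

$userId = $xml.SelectSingleNode('/t:Task/t:Principals/t:Principal/t:UserId', $ns)
if ($null -eq $userId) {
    throw "Task '$TaskName' has no <UserId> element (it may use <GroupId>); edit it by hand."
}

# SID of the signed-in account, the same value 'whoami /user' prints.
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
Write-Host "Replacing principal '$($userId.InnerText)' with '$sid'"
$userId.InnerText = $sid

# -Force overwrites the existing task, so the definition is never left
# deleted if the import fails.
Register-ScheduledTask -TaskName $TaskName -Xml $xml.OuterXml -Force | Out-Null

# Confirm which principal Task Scheduler actually stored.
(Get-ScheduledTask -TaskName $TaskName).Principal |
    Format-List UserId, LogonType, RunLevel
```

Run it from an elevated session if the task was created by an administrator; the backup file allows the original definition to be re-imported unchanged.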
Open a CMD and type:
whoami
This will show your azuread\username
Usually this is azuread\firstmiddlelastname
That is the username that you are looking for.
You should use the Azure AD account that you used to make the Azure AD joined device. To find the Azure AD user, you could open the Azure Portal, where you can see all the users in the Azure Active Directory.

Deleting Azure Active Directory returns Delete all App registrations although there is no app

I'm trying to delete an Active Directory (not default) in Azure. It said I need to Delete all App registrations. When I click on the link, there is no registered app.
Interesting is dashboard said I have 1 app registered. When I click on the link, there is no app either.
I faced similar situation today and got to this post.
I found the solution accidentally by following one of the MSDN articles.
This article is about adding new application and that's how I got to understand how to find all registered applications.
Basically, this happened because there are two places where application registrations are shown.
One
Under "Azure Active Directory" -> "App Registrations".
Second
Under left navigation -> "All Services" -> Search for "Azure AD B2C" -> click on it -> Open.
Then you will be able to see "Applications".
Here all your applications which are using your Azure B2C instance are listed. You will have to delete them.
Once they are deleted, you can again go to "Delete Directory" option and all your checks / pre requisites should be successful.
This helped me to resolve exact same issue and hoping that this should also help you.
You may also have to remove additional service principals. Use Azure Active Directory Module for Windows PowerShell to remove all service principals. To do this, follow these steps:
Open Azure Active Directory Module for Windows PowerShell.
Connect to the Microsoft Online Service.
Run the following command:
Get-MsolServicePrincipal | Remove-MsolServicePrincipal
Note You may receive an error when you remove some service principals. These principals can’t be removed. However, this does not prevent you from deleting your directory.
The error that you receive may resemble the following:
Remove-MsolServicePrincipal : Invalid value for parameter. Parameter Name: appPrincipalId.
Also, you can use ARM PowerShell with the following command:
Get-AzureRmADServicePrincipal | Remove-AzureRmADServicePrincipal
Please let me know if it helps!
First:
Connect-AzureAD -TenantId <string>
Then, to learn the application's object ID:
Get-AzureADApplication
Then:
Remove-AzureADApplication -ObjectId <string>
