I want to delete an Azure active directory. Sadly I receive error messages.
The first one: "Directory has one or more Azure subscriptions". Yes that's normal, I want to delete everything to start over my Azure account.
This AD directory just contains one user, which is a global administrator (me with a different email). When I try to modify it to put it as a standard user, I receive this error: "Please try again. If the problem persists, contact support."
So actually I can't delete this AD directory. I tried to get help from the support but I didn't find a way to have more information.
Do you have an idea of how can I do that? Any help would be appreciated (thanks).
The problem isn't the one user in your Azure AD, but the whole AD is tied to your subscription.
You need to create a new Azure AD and connect it to your subscription.
Steps to make this work:
Create a new ID
go to manage.windowsazure.com
select Settings (bottom left menu item
Select your subscription
Press "Edit Directory" in the bottom navigation bar
Associate the new Azure AD
Now you should be able to delete the old Azure AD.
I just wrote a blog about how to delete Azure AD tenants. Unfortunately you often need to resort to using PowerShell to finally clear out any lingering Principals and/or registered applications.
See https://blog.nicholasrogoff.com/2017/01/20/how-to-delete-an-azure-active-directory-add-tenant/
Related
My team already has a working Azure DevOps account. I would like to start an Azure subscription / Active Directory to begin linking our DevOps to App Services and other Azure products.
However, any time I click on a link to get started with Azure, I am met with a perplexing paradox trying to log in.
First I'm told that I can't log in because my MS account isn't found:
But if I try to "Create one!" or "get a new Microsoft account", I'm told it already exists:
I've taken out the email address being used, but I've confirmed they are the same between the two screens (I'm not even typing anything; all I'm doing is clicking "Next" on each screen).
I know that this MS account is valid. It's the same one I use to sign in with Azure DevOps and many other MS services. I'm not sure why I can't log in to the Azure set up platform. And there doesn't seem to be any kind of support options with Azure before you become a subscriber, so I thought I'd try my luck posting the issue here.
Thanks for any help!
You can connect your Azure DevOps organization to Azure Active Directory (Azure AD). Kindly checkout this document - About accessing your organization via Azure AD
Just to clarify, I hope you are an administrator on the subscription.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
When your sign-in address is shared by your personal Microsoft account and by your work account or school account, but your selected identity doesn't have access, you can't sign in. Although both identities use the same sign-in address, they're separate: they have different profiles, security settings, and permissions.
Sign out completely from Azure DevOps by completing the following steps.
Closing your browser might not sign you out completely.
Sign in again and select your other identity.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
To connect your organization to Azure AD.
Sign in to your organization, https://dev.azure.com/{yourorganization}).
Select gear icon > Organization settings.
Select Azure Active Directory, and then select Connect directory.
I'm trying to delete my Ad, but the system says that I cannot delete it because "there is an Application using it.
When I go to Application Tab, it just show me Visual Studio Online (with www.visualstudio.com url) and did not show an option to delete... How can I do to remove it?
Note: I've tried to create another Azure account, but the system tells
me that I've already created my mycompany.onmicrosoft.com
A global administrator can delete an Azure AD directory from the portal. When a directory is deleted, all resources contained in the directory are also deleted; so you should be sure you don’t need the directory before you delete it.
There are some conditions before you can delete the AD from portal because it will impact the users or Applications.
global administrator who will delete the AD
sync will need to be turned off if you are using in house AD to Azure
Other users must be deleted in the cloud directory by using the Management Portal or the Azure module for Windows PowerShell.
Any applications must be deleted before the AD can be deleted.
Make sure there is no online subscription connected with AD.
Check in Azure management ? settings for more info.
I hope you can resolve your issue quicker.
Let me know the outcome.
Regards
My Office365 subscription expired and I was allocated a new 365subscription which has cause a problem. As I can not disassociate the old office365 subscription from my Azure directory.(I can not delete the Office 365 applications so I can not delete the directory)
Q) how can I associate the new Office365 subscription to my Azure subscription? and gain access to the directory that is associated with that subscription?
??
This was pretty tricky one. It is worthed a whole blog post. I will try to briefly describe the process here:
Login to your existing Azure Subscription in the management portal (https://manage.windowsazure.com/)
Navigate to the Active Directory section
From the bottom command bar click on the Add button
A new wizard will pop-up with two options: Create New | Use Existing
Chose the "Use Existing" and carefully read and confirm the instructions
You will signed out from current session and the Azure AD login page will come - Here you have to enter the Admin credentials from the new AD (Office 365)!
You will be asked "Use XXXX Directory with Windows Azure" - confirm (this will once again sign you out)
If everything ran smoothly now you will have two Azure Active Directories in your Azure Account. Be careful, still your OLD directory is the "Global Admin" and Account Administrator for your Azure Account. In the last stretch you will have to change the default Directory for the Azure subscription. This will be accomplished by:
Login to the Azure Management portal using the old account!
Navigate to Settings -> Subscriptions tab
Click with the mouse on the subscription to select it
On the bottom command bar click on Edit Directory
A new wizard "Change Associated Directory" will appear with a drop down.
Drop down will have list of All Azure directories (Office 365 Subscription) which are not currently associated with the Azure Account - i.e. you will only see one choice - your new O365 directory
Select the new directory
Confirm your choice
If not forced to log out by the system, do it - log out
At this point, your Azure Account should be associated with your new O365 directory. If it doesn't work, please provide all relevant information - error messages, screenshots and if you exactly followed the procedure.
I can't seem to figure out how I can delete the tenant which I have created from my Azure Subscription. Can anyone help me figure out how to do this? It sounds like it should be easy to do, but maybe I'm missing something.
Currently you cannot remove AAD tenant from the Azure Portal. You also cannot rename it. The good thing is that you are not being charged for it if you are not using any special features (i.e. even if you use for just authenticating without the Two-Factor-Authentication it is still free!). And I don't recall to have seen an API via which you would be able to remove an AAD tenant.
UPDATE
As of November 2013 you are able to rename Azure AD, Add new Azure AD, change default AD for a subscription, delete Azure AD(as long as there is not subscription attached, and no user/groups/apps objects in it).
We were eventually able to delete an Azure Active Directory instance after we deleted all mapped users (except for the administrator who was logged in) and groups.
Make sure you go through the following list of possible causes for not being able to delete your Azure AD:
You are signed in as a user for whom <Your Company Name> is the home directory
Directory contains users besides yourself
Directory has one or more subscriptions to Microsoft Online Services.
Directory has one or more Azure subscriptions.
Directory has one or more applications.
Directory has one or more Multi-Factor Authentication providers.
Directory is a "Partner" directory.
Directory contains one or more applications that were added by a user or administrator.
I joined to Windows Azure Active Directory beta trial when http://activedirectory.windowsazure.com was initially launched.
At initial process, site forced me to use a new LIVE account instead of the one I already have which is myname#live.com and also controls all my Azure services. Anyway, I did create a new one as myname#mycompany.com
Next, I did be able to create the active directory domain as mycompany#onmicrosoft.com and added my mycompany.com domain as secondary domain.
While ago, Active Directory tab appeared in Azure control panel and it came empty. So I assumed it needs to be link somehow but couldn't find anything about it.
After that, I tried to create a new domain but when I type mycompany into the name field of the create a directory page, it says "This domain is not unique" which is predictable since other live account holds the name.
Tried to delete entire account but didn't work. Also in here says :
"The original contoso.onmicrosoft.com domain name that was provided for your tenant when you signed up cannot be removed from your tenant."
Since I'm the owner of the both account, I would like to move (or re-create etc.) mycompany#onmicrosoft.com under my actual Azure account which is myname#live.com.
Please advise. Thank you!
I didn't realize you had an existing subscription you were looking to work wit. So what you are seeing is expected behavior as there is no subscription associated with your Azure AD account.
We are propping an update this weekend and Monday that will help you here. On Tuesday morning, do the following:
Log into Azure using your Azure AD account.
It will tell you that you have no subscription - set up a 90 day trial subscription - you will not be charged anything for this.
Click onto Active Directory tab in the Azure Portal.
Add a new user - and select to add a user with a Microsoft Account - specify the account that is the administrator of your Windows Azure subscription and make them a "global administrator".
Log off
Log in to Azure portal using the same Microsoft Account that you just added.
Go into Settings.
Click on administrators tab
Select your Azure Subscription
Click "add" in the tray at the bottom
Now add the Azure AD user account you would like to have be a co-admin on your Azure subscription.
That should do it. Now when you log in using your Windows Azure Account you'll be able to administer your Azure subscription.
Just a reminder - try this on Tuesday morning! We will have the update propped by then.
You can make this work though by creating a new 90 trial subscription - you do this on the page where you are being told there are no subscriptions associated with your account.
You need to log into Azure using your myname#mycompany.com account (the Windows Azure Active directory account you created).
To do that, go to the Azure Management portal - if you are already logged in using a Microsoft Account (formerly LiveID) you will need to log-out first - Then the left hand side of the login page you should see a link that says "Office 365 users: Sign in using your organizational account".
Click on that link, and now log into the Azure portal using your Azure AD Account (myname#mycompany.com). Once you do that, you should see your Windows Azure AD tenant in the Active Directory tab in the portal.