How to remove Azure Active Directory from Subscription - azure

I can't seem to figure out how I can delete the tenant which I have created from my Azure Subscription. Can anyone help me figure out how to do this? It sounds like it should be easy to do, but maybe I'm missing something.

Currently you cannot remove an AAD tenant from the Azure Portal. You also cannot rename it. The good thing is that you are not being charged for it if you are not using any special features (i.e. even if you use it just for authenticating without two-factor authentication, it is still free!). And I don't recall having seen an API via which you would be able to remove an AAD tenant.
UPDATE
As of November 2013 you are able to rename Azure AD, add a new Azure AD, change the default AD for a subscription, and delete Azure AD (as long as there is no subscription attached, and no user/group/app objects in it).

We were eventually able to delete an Azure Active Directory instance after we deleted all mapped users (except for the administrator who was logged in) and groups.

Make sure you go through the following list of possible causes for not being able to delete your Azure AD:
You are signed in as a user for whom <Your Company Name> is the home directory
Directory contains users besides yourself
Directory has one or more subscriptions to Microsoft Online Services.
Directory has one or more Azure subscriptions.
Directory has one or more applications.
Directory has one or more Multi-Factor Authentication providers.
Directory is a "Partner" directory.
Directory contains one or more applications that were added by a user or administrator.

Related

Using existing Office365 Active Directory with existing Azure account

We have an Office365 account that uses Azure Active Directory for our company e-mail accounts. We have a totally separate (different login) Microsoft Azure account that we have been using without touching Azure Active Directory within.
We are looking to implement Azure Active Directory within our apps, and would like to use our existing O365 Active Directory since it already has all the users created. Is there any way for us to somehow link our Azure account to the O365 account so we can use that active directory in our Azure account?
I have found some examples, but they all seem to use the premise that you are logging into both Azure and O365 with the same credentials. That is not how ours is setup unfortunately.
If you are interested in combining the two (usually keeping O365 identities and making that AAD the default for your Azure subscription), you can contact Microsoft directly and they will be able to manually pair the two. As of 6 months ago (last time I did this) there was no way to do this yourself without assistance from MS.
You can open tickets through the Azure portal or the Office 365 web site.
Found an article that got me pointed in the right direction and I was able to get this done:
How to associate or add an Azure subscription to Azure Active Directory
Ultimately I needed to have one Microsoft account that had sufficient permissions on both Active Directory tenants. It was tricky because both accounts were different Microsoft accounts using the same e-mail address, and neither directory would let me add another account with a duplicate e-mail address. I used a separate Microsoft account and added it as an AD guest on both directories. Once that was done, I was able to log in with the new account with access to both directories and pick which directory I wanted to use within my Azure account.

Syncing users between two azure AD

Is there any way to sync users from one Azure Active Directory to another Azure Active Directory? When searching for this I found a lot of options (using AAD Connect, for example) to sync an on-premises AD to Azure Active Directory. Is there a way to do this between two actual AADs?
What I want to achieve is that the users and groups from an Office 365 (which means it has an AAD) get synced to another Azure Active Directory (moving the second Active Directory into the 365 AAD is not an option). So when a user gets added to the 365 it gets added to the other AAD, but also when it gets removed (the second Active Directory has no need for backwards syncing).
AFAIK, there is no such setting/tool with which we can sync the users between different Azure ADs.
To achieve the goal, you need to write the code yourself. For example, you can write a service which pulls the users from the two Azure ADs and compares them. Then sync the users using the Azure AD Graph as you wanted.
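The compare step of such a service, as an added example that is not part of the original answer: it computes a one-way plan (source to target), only ever manages accounts it created itself, and refuses to plan a mass deletion when the source read looks empty or truncated. The `synced_from` marker, the `max_delete_ratio` threshold and the sample tenants are assumptions; reading and writing users through the Graph API is left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    upn: str               # userPrincipalName in the tenant the record was read from
    display_name: str
    synced_from: str = ""  # assumed marker: source UPN, set only on accounts this job created


def plan_sync(source, target, max_delete_ratio=0.5):
    """One-way plan (source -> target): returns (to_create, to_update, to_delete)."""
    src = {u.upn.lower(): u for u in source}
    # Only accounts carrying the marker are managed; native target accounts
    # (for example the target tenant's own administrators) are never touched.
    managed = {u.synced_from.lower(): u for u in target if u.synced_from}

    to_create = [src[k] for k in sorted(src.keys() - managed.keys())]
    to_delete = [managed[k] for k in sorted(managed.keys() - src.keys())]
    to_update = [(managed[k], src[k]) for k in sorted(src.keys() & managed.keys())
                 if managed[k].display_name != src[k].display_name]

    # Guard: an empty or truncated read of the source (expired credential,
    # dropped page of results) must not turn into a mass deletion.
    if managed and len(to_delete) / len(managed) > max_delete_ratio:
        raise RuntimeError(
            f"refusing to plan {len(to_delete)} deletions out of {len(managed)} managed accounts")
    return to_create, to_update, to_delete


# Constructed sample data; the domains and names are placeholders.
SOURCE = [
    User("alice@contoso.example", "Alice A"),
    User("bob@contoso.example", "Bob B"),
    User("carol@contoso.example", "Carol Diaz"),
]
TARGET = [
    User("admin@fabrikam.example", "Tenant Admin"),  # native account, no marker
    User("alice_contoso@fabrikam.example", "Alice A", "alice@contoso.example"),
    User("carol_contoso@fabrikam.example", "Carol D", "carol@contoso.example"),
    User("dave_contoso@fabrikam.example", "Dave D", "dave@contoso.example"),
]

if __name__ == "__main__":
    create, update, delete = plan_sync(SOURCE, TARGET)
    print("create:", [u.upn for u in create])
    print("update:", [(t.upn, s.display_name) for t, s in update])
    print("delete:", [u.upn for u in delete])
```

Logging the plan and applying it as a separate step gives an audit trail of every account created or removed in the target tenant.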

How to Delete Multiple Azure Active Directories and restore to original state?

I have a Microsoft Azure pay-as-you-go subscription. When I first started to try Azure, I created a lot of trial directories and services. Now I would like to clean up my account, but I am unable to delete the Active Directory because I am a user in that directory. How can I clean up my Azure account and restore it to a first-time-use state?
The error message is:
User akisha#akisha.com is a Service administrator for subscription Access to Azure Active Directory and cannot be removed.
Firstly, you should know the following about deleting an Azure AD directory:
Only the user who has been assigned the "Global Administrator role" can delete the directory. By default, the user who signs up for the Azure subscription will get this role.
Any other users in the directory except the global administrator should be deleted before you delete the directory. Any applications should be deleted as well.
You cannot delete the Azure AD directory on the Azure portal if there are still Azure subscriptions associated with this directory.
A work and school account cannot delete its home directory (the one in which the account was created). Only a guest user (an external user added from another directory, or a Microsoft account) can delete the directory.
Just think about the following two scenarios:
1. You use a work and school account (Azure AD account) to sign up for Azure
When you sign up for the Azure subscription, you already have an Azure AD directory which contains the default domain. Your sign-up account will be assigned both the Service Administrator role for Azure and the Global Administrator role for Azure AD. In this case, you cannot delete this default directory because this is the home directory of that account.
2. You use a Microsoft account (Outlook, Hotmail, etc.) to sign up for Azure
In this scenario, this account is a guest user in the default directory (directory A). Assume that he/she creates another directory later (directory B). By default, the Azure subscription will be associated with directory A and you cannot delete it, as noted above. However, you can change the associated directory to directory B on the Settings note (Azure classic portal). After doing this, you will be able to delete directory A because the association has been removed.
I wrote a blog page on how to delete an active directory tenant. I have updated the process to use the new portal and the newer AzureAD PowerShell cmdlets.
https://blog.nicholasrogoff.com/2017/01/20/how-to-delete-an-azure-active-directory-add-tenant/
If you just want to clear out all the users, applications and other stuff then you can use PowerShell commands like
Get-AzureADGroup | Remove-AzureADGroup
Get-AzureADUser | Remove-AzureADUser
etc.
To fully remove the AD Tenant you do need to clear it out and my blog explains how to do this with Principals and Applications, but the principle is the same for all objects.

Need help setting up B2B Authentication in Azure AD

I've set up Azure AD authentication on an existing web app and that works ok.
I then want to add "Users in partner companies" via CSV upload. But the account I use to administer Azure is my company account so the option is not available.
So I then created an APPNAME.onmicrosoft.com account.
But when I log in to the portal with that, it's not linked to any subscriptions so obviously it can't add any users to the AD.
And I can't add the user to the subscription as they are not recognised.
I appreciate I'm probably missing/misunderstanding something fundamental but can anyone explain what I need to do to be able to enable B2B collaboration?
If you look at your list of subscriptions, is APPNAME.onmicrosoft.com the default directory for any subscription? You currently can't do B2B invites unless it is the default directory for some Azure subscription and unless you pick APPNAME.onmicrosoft.com from the drop-down in the top right of the portal. We have had to create a new empty Azure subscription with APPNAME.onmicrosoft.com as the default directory and make the B2B a subscription admin.
Now in order to switch the default directory of the subscription my recollection is that you have to be logged in with a Microsoft account (LiveID) rather than an organizational account.

Error Deleting Azure AD

I'm trying to delete my AD, but the system says that I cannot delete it because "there is an Application using it."
When I go to the Application tab, it just shows me Visual Studio Online (with the www.visualstudio.com URL) and does not show an option to delete... How can I remove it?
Note: I've tried to create another Azure account, but the system tells me that I've already created my mycompany.onmicrosoft.com
A global administrator can delete an Azure AD directory from the portal. When a directory is deleted, all resources contained in the directory are also deleted; so you should be sure you don’t need the directory before you delete it.
There are some conditions before you can delete the AD from portal because it will impact the users or Applications.
global administrator who will delete the AD
Sync will need to be turned off if you are using in-house AD to Azure.
Other users must be deleted in the cloud directory by using the Management Portal or the Azure module for Windows PowerShell.
Any applications must be deleted before the AD can be deleted.
Make sure there is no online subscription connected with AD.
Check in Azure management > Settings for more info.
I hope you can resolve your issue quicker.
Let me know the outcome.
Regards
