SYMPTOM: You have an Azure Active Directory (AAD) you'd like to delete. This directory was at one time used to back a Visual Studio Online (VSO) account. You cannot delete the AAD because there is still a VSO entry in it's APPLICATIONS list and you see this message when trying to delete the AAD:
IMG: "Directory contains one or more applications that were added by a user or administrator"
You also see the following in the APPLICATIONS list for the AAD:
RESOLUTION: Assuming you've already removed the AAD backing from the VSO account and satisfied all other criteria for deletion of an AAD, you should be able to delete it after manually disabling the Microsoft.VisualStudio.Online Service Principal via PowerShell. To do that:
*!*WARNING: Only do this if you don't care about the AAD and intend to delete it. *!*
1. On an x64 Windows machine, download and install the x64 versions of the Microsoft Online Services Sign-In Assistant for IT Professionals RTW (https:/www.microsoft.com/en-us/download/details.aspx?id=41950) and the most recent version of the Azure Active Directory Module for Windows PowerShell (http://social.technet.microsoft.com/wiki/contents/articles/28552.microsoft-azure-active-directory-powershell-module-version-release-history.aspx).
[OPTIONAL] If you don't already have one, log in to Azure and create a new user with Global Admin permissions in the AAD you're trying to delete. User must be in the AAA@BBB.OnMicrosoft.com format. If you create this new user, make sure you use it to log in to Azure once and change your password before proceeding to step 2 (new users must set password on first connect).
2. Open the Azure Active Directory Module for Windows PowerShell and execute the following:
Connect-MsolService (Prompts for creds. Log in with @onmicrosoft account from above. You can't use a Microsoft account here.)
Get-MsolServicePrincipal | Remove-MsolServicePrincipal (This will generate errors for the SPs that cannot be removed - that's expected - but it will take out the VSO entry)
3. Log in to https://manage.windowsazure.com as the service admin for the AAD and try to delete the AAD now (after you've removed the @onmicrosoft.com Global Admin user, of course).
Hope this helps! 🙂