Walkthrough of Deleting an Azure AD Tenant

 

Hi All,

This is a quick walkthrough of deleting an Azure AD Tenant. There are cases where you cannot delete the tenant from the Azure Portal straight away, and I will walk you through a common scenario.

Usually, you navigate to the Portal, select your Azure Active Directory (AAD) tenant, and try to delete it using the taskpane “Delete” functionality.

But many times you will receive an error stating you cannot delete the tenant, because you have one or more applications that are still hanging around.

So, how do we rectify this? As a first step, you will need to create a new OrgID (Work or School account) in the directory you are trying to delete, to perform the next cleanup actions. The user you create should have Global Admin permissions. Below I create the user “Delete Me” in the target AAD tenant I’m attempting to delete.

You will need to copy the created user account’s temporary password, and then log in and change this account’s password first, in order to continue.

Next, I recommend opening an Internet Explorer InPrivate session and going to https://manage.windowsazure.com. Log in with the created user account’s temporary password. You will be prompted to change the password, so go ahead and do so. Once that is done, you will be redirected to a page which states you do not have any active Azure subscriptions.

At this juncture, you will need your friendly neighborhood PowerShell, with the Azure Active Directory (MSOnline) Module cmdlets installed.

If this is your first time installing them, first install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW from the Microsoft Download Center. Then install the Azure Active Directory Module for Windows PowerShell (64-bit version), and click Run to run the installer package.

Open up your PowerShell Command Prompt, and/or Powershell_ISE IDE, and import the module.

You will need to connect to your tenant first, using the administrative user account you created (“Delete Me” in my case):
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred

You should now be able to list all the current application SPs in a directory:
Get-MsolServicePrincipal | Select DisplayName

Now, delete all non-required apps in the tenant directory. This should then allow you to delete the AAD directory. Note that the command below attempts to remove every service principal in the directory.
Get-MsolServicePrincipal | Remove-MsolServicePrincipal

Note: Once I completed this step, here’s what I had left when listing all the current application SPs in the directory again using Get-MsolServicePrincipal | Select DisplayName:

Microsoft.Azure.ActiveDirectory
Microsoft.Azure.ActiveDirectoryUX
Microsoft.Azure.GraphExplorer
Microsoft.Azure.Portal
Microsoft.Azure.GraphStore
Microsoft.Azure.SyncFabric

 

Now that you are done, you will have to delete your user in AAD first, before deleting the Directory, or you will get a message saying you cannot delete the directory because you have one or more users. (Make sure all users except the primary administrator of the AAD tenant have been removed.)

Also, if you have AD Premium enabled, you must remove your Premium subscription, or you will not be able to delete your Directory Tenant. The error you receive will state that your “Directory has one or more subscriptions to Microsoft Online Services.”

To remove your Premium subscription, navigate to your Directory Tenant’s Licenses area and remove the Premium subscription.
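
The three blockers covered above (applications, users, subscriptions) can all be checked from the same MSOnline session before retrying the delete. The following is an added example, not part of the original post; the function name Get-TenantDeleteBlockers, its parameters and the CSV path are illustrative assumptions.

```powershell
# Added example: function, parameter and file names are illustrative, not from the original post.
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential)

function Get-TenantDeleteBlockers {
    param(
        [string]$InventoryPath = ".\sp-inventory.csv",
        [switch]$RemoveServicePrincipals
    )

    # Confirm which tenant this session is bound to before anything destructive runs.
    $company = Get-MsolCompanyInformation
    Write-Host "Connected tenant: $($company.DisplayName) ($($company.ObjectId))"

    # Keep a record of every service principal before removal.
    $sps = Get-MsolServicePrincipal -All
    $sps | Select-Object DisplayName, AppPrincipalId, ObjectId |
        Export-Csv -Path $InventoryPath -NoTypeInformation

    if ($RemoveServicePrincipals) {
        foreach ($sp in $sps) {
            try {
                Remove-MsolServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
            } catch {
                # Some principals remain after removal (the post lists six
                # Microsoft.Azure.* entries); report them and continue.
                Write-Warning "Not removed: $($sp.DisplayName) - $($_.Exception.Message)"
            }
        }
    }

    # Whatever is still listed here corresponds to the portal's blocking errors.
    [pscustomobject]@{
        ServicePrincipals = @(Get-MsolServicePrincipal -All | Select-Object -ExpandProperty DisplayName)
        Users             = @(Get-MsolUser -All | Select-Object -ExpandProperty UserPrincipalName)
        Subscriptions     = @(Get-MsolSubscription | Select-Object -ExpandProperty SkuPartNumber)
    }
}

# Report only:
Get-TenantDeleteBlockers | Format-List
# Remove the service principals, then report what is left:
# Get-TenantDeleteBlockers -RemoveServicePrincipals | Format-List
```

Run the report-only form first and check the tenant name it prints; the CSV is the only record of the removed service principals once the directory is gone.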

You should now be able to delete your directory successfully.  

That’s it! Hopefully you found this walkthrough useful!

 

Best Regards,
Eric