Share via

Fixing orphaned Azure DevOps org

AL 20 Reputation points
2025-04-06T01:34:24.04+00:00

We have an ADO org where the owner has left the company. This account has been disabled. I am an Azure Global Admin and an ADO Admin in Entra ID - all active.

When I go to the Org Settings for the Org, the Change Owner button is greyed out.

There is a warning above it that states: Warning: The owner and project collection administrator(s) for this organization are inactive in Microsoft Entra. This provides a Change Owner button, which is also greyed out.

I have followed all the steps explained here: https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/resolve-orphaned-organization?view=azure-devops

Any help appreciated.

Azure DevOps
0 comments
Accepted answer
  1. Gaurav Kumar 230 Reputation points Microsoft External Staff
    2025-04-07T10:38:18.14+00:00

    Hi AL,

    Use Azure DevOps CLI-based method and REST API to resolve this issue:

    • Install the Azure DevOps CLI extension and configure your organization context using the below commands:
    az extension add --name azure-devops
az login
az devops configure --defaults organization=https://dev.azure.com/org_name

    Replace org_name with your actual ADO organization name.

    • Forcibly add yourself as a Project Collection Administrator (PCA)
    az devops security group membership add --group-id "Project Collection Administrators" --member-id ENTRA_OBJECT_ID --org https://dev.azure.com/org_name

    Replace ENTRA_OBJECT_ID with your Microsoft Entra user object ID (you can get it using az ad signed-in-user show --query objectId --output tsv) and org_name with your Azure DevOps organization name.

    • Change the organization owner via the REST API and Generate a Personal Access Token (PAT):

    Navigate to: https://dev.azure.com/org_name/_usersSettings/tokens

    Create a new PAT with Organization > Manage scope.

    curl -X PATCH -u user_name:PAT -H "Content-Type: application/json" -d '{"newOwnerId": "ENTRA_OBJECT_ID"}' https://dev.azure.com/org_name/_apis/organizationmanagement/OrganizationSettings?api-version=7.1-preview.1

    Replace user_name with your email or Azure DevOps username, PAT with your actual Personal Access Token (used in the format username:PAT for basic authentication), and ENTRA_OBJECT_ID with your Entra user object ID.

    This method will successfully resolve the orphaned Azure DevOps organization issue and restore full administrative control.

    Hope it helps!

    Please do not forget to click "Accept the answer” and Yes wherever the information provided helps you, this can be beneficial to other community members.

    User's image

    If you have any other questions or still running into more issues, let me know in the "comments" and I would be happy to help you.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.