Can't Delete Groups in Azure AD

Kevin M 11

I am on a trial account. I created a custom domain and set up AD sync connector and imported all users and groups. A last minute change was given to me to change the custom domain from .com to .org so I was going through to remove the .com which has the users and groups associated to it. I was able to remove all the users in question, but the groups do not give me the ability to edit them. It's as if they are orphaned objects and since this is a trial account I am unsure how to get around this issue.

Any advice would be helpful.

Carlos Solís Salazar 16,531 Reputation points

2022-04-22T15:18:10.22+00:00

Hi @

In order to help you, we require more information.

Are you still using the Azure AD connect?

Share the screenshot of the configuration of one of these groups, specifically, we need to know if their source is Cloud or Windows Server AD

Getting that information may help you (and the community) to understand the current situation.

Carlos Solís Salazar

NOTE: To answer you as quickly as possible, please mention me in your reply.
Kevin M 11 Reputation points

2022-04-22T15:28:22.11+00:00

Progress from my own research. Security Groups can be done from the shell command just fine: az ad group delete --group 'Group Name'
Distribution Groups on the other hand give the error: "Cannot Delete a mail-enabled security groups and or distribution list." I will update when I determine a fix for these if I do not get any response in advance.
Kevin M 11 Reputation points

2022-04-22T15:43:54.057+00:00

Carlos Solís Salazar:

The source for all of these is Windows Server AD. I have already removed Azure AD Connect so that it could not have any writeback to the on-prem domain.
risolis 8,701 Reputation points

2022-04-22T15:49:12.97+00:00

Hi

Did you try to delete it from PS terminal?

Remove-AzureADMSDeletedDirectoryObject

BR,
Kevin M 11 Reputation points

2022-04-22T17:04:32.44+00:00

Can't add an owner to the mail-enabled security groups and distribution lists either: az ad group owner add --group <ID> --owner-object-id <ID>
Cannot Update a mail-enabled security groups and or distribution list.
risolis 8,701 Reputation points

2022-04-22T18:17:00.247+00:00

@Kevin M

Well I would say that you can also try it from the office admin center
Nicholas Williams 0 Reputation points

2024-03-28T16:10:31.49+00:00

I had orphaned duplicate Windows Server AD generated groups because of Azure Connect Sync.
I was able to remove them using Cloud Shell > PowerShell:
az ad group delete --group ObjectId
Change the ObjectId without quotes and refresh your Entra ID list of groups to see the changes.

2 answers

Kevin M 11 Reputation points

2022-04-22T21:36:30.357+00:00
Ok, I way overcomplicated this:

Reinstalled Azure AD Connect.

Synced all items again to get things to where they were.

Created a blank OU

Pointed sync to only sync that one OU.

The rest vanished on sync.

Much cleaner and efficient. Should have known to do that in the first place.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
Biswajit Biswas 0 Reputation points

2023-11-29T09:28:30.15+00:00
Nice research Kevin; perfectly working on my test domain & I had only security groups.

az ad group delete --group 'SubscriptionReaders' --verbose
Please sign in to rate this answer.

0 comments No comments
Sign in to comment