Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,486 questions
Deleted my Azure Active Directory profile. How to restore?
Eugene G
1
Reputation point
Hi,
I have accidentally deleted my active admin directory profile in https://account.activedirectory.windowsazure.com.
Error message below:
Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_AAD_IAM' because the user account is not a member of tenant '-----------------------------------'.
Error details: AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '--------------------------'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Pls help, thanks!
{count} votes
-
JamesTran-MSFT 27,506 Reputation points Microsoft Employee2022-08-18T18:18:11.817+00:00 @Eugene G
Thank you for your post!From your issue and error message, do you have any other users that you can log in with, or was the admin account the only user in your Azure AD tenant?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Hi @JamesTran-MSFT
Thank you for your reply. The admin account is the only user in my Azure AD tenant.
I have another user account but do not have access to Azure Active Directory. Logging into this account and clicking on Azure Active Directory gives me the below message:
The portal is having issues getting an authentication token. The experience rendered may be degraded.
Additional information from the call to get a token:
Extension: Microsoft_AAD_IAM
Resource: self
Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_AAD_IAM' because the user account is not a member of tenant '-------------'. Error details: AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '--------------'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
What do I need to do as a next step? Appreciate any help.
Rgds.
Eugene
Hi @JamesTran-MSFT
I tried getting a new admin email address, but my access was denied. The following message appeared:
"The user ID that you entered is not recognized. If this is a new account, it may take a few hours before you have access to services.
Important: This page does not yet support signing in with a Microsoft account. If you have one already, try signing in again using an account assigned to you by your organization. If you don’t have one, please request a new work or school account from your admin, and then try again."
Hope this message helps you understand my situation better.
Thanks,
Eugene
Hi @JamesTran-MSFT
May I follow up? How do I get around this?
Thanks.
Eugene
Hi @JamesTran-MSFT
If it helps, I found the same problem described in this link below
https://answers.microsoft.com/en-us/msoffice/forum/all/global-administrator-is-deleted-by-mistake/c702bc3c-827a-42fb-a81b-c43e731e3423
Is there a way to restore my admin account because now I am unable to log in using my admin@xxxxxxxxxxxxx .onmicrosoft.com
Thanks again once more.
Hi,
It seems there is only way to restore or get access to the tenant is by raising a support case with Microsoft and it can be restored or provided access via backend.
As you do not have other accounts or any backup admins in the tenant, I do not see any other option.
contactus
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @ JimmySalian-2011,
Thank you for your reply.
The thing is I can't even use my user account to raise support from Azure Portal.
When I click "New support request", the page does nothing (hangs) or I get the below message:
The portal is having issues getting an authentication token. The experience rendered may be degraded.
Additional information from the call to get a token:
Extension: Microsoft_Azure_Support
Resource: self
Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_Azure_Support' because the user account is not a member of tenant '--------------'. Error details: AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '------------------'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Hi,
Can understand did you tried using a Inprivate browser or igncognito mode in Chrome to access the support link, use your personal account to launch the support URL.
Also you can tweet your issue on Twitter to the following accounts - @azuresupport #azhelp
====
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @JimmySalian-2011
I have tried logging in from a private web browser as well, but am still unable to log in.
I have just tried contacting @azuresupport #azhelp and am waiting for their specialist to be in touch.
Thanks for the advise - cheers.
Hi Eugene,
Sure, thanks for the update in case you need access urgently the support numbers are available via this link and you can contact as per your region.
global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2
===
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @JimmySalian-2011
In case this helps, and for anyone who has encountered the same issue, these were the steps I tried
Great thanks for sharing this update and in case I was able to assist you in anyway or direct to other MS support "Please "Accept the answer" if the information helped you. This will help us and others in the community as well".
Regards.
Jimmy
Sign in to comment
2 answers
Sort by: Most helpful
Hi @Eugene G
Thank you for asking this question on the **Microsoft Q&A Platform. **
An administrator has to restore the user from the folder "Deleted Users" in https://admin.microsoft.com
Hope this helps,
Carlos Solís Salazar
----------
Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.
Hi @Carlos Solís Salazar ,
Thanks for your prompt reply.
I am the admin, and unfortunately I am unable to log into my admin account.
When prompted with the username and when I type in my admin account, the message reads
"xxxxxx.onmicrosoft.com isn't in our system."
Rgds,
Eugene
Hi @Carlos Solís Salazar ,
In addition, when I try to sign in with the old admin account that I deleted, I get the below message:
"We couldn't find an account with that username. Try another, or get a new Microsoft account."
Rgds,
Eugene
Hi @Carlos Solís Salazar ,
In the error detail, it also says that "The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account."
Question: how do I add the account as an external user in the tenant first?
Can you guide me please? Sorry for the multiple messages.
Rgds.
Eugene
Sign in to comment
@Eugene G
Thank you for following up on this and I apologize for the delayed response!
Error Message:
AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application...The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.Because you've accidentally deleted the only user in your tenant and are unable to create a support request, you'll have to reach out to our
Azure Data Protection teamfor further assistance - (866-807-5850) in recovering your user and Azure AD tenant.For future reference, I'd also recommend creating and managing an emergency access account in Azure AD, this will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in.
Additional Link:
Global Customer Service phone numbers
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Hi JamesTran-MSFT
Is 866-807-5850 a toll free number? I am unable to dial in from Singapore
Hi @Eugene G ,
Singapore contact number is 800 1013659.
Please check the support contact details - global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @ JimmySalian-2011
Appreciate your reply.
This was the reply I got: "We are really for this inconvenience , for Azure support we have online support or community support that you can connect and ask a question with our Azure support agent online. Due to from my end I have limited tools and resources about the Azure, I advised you to community support as this link below
https://learn.microsoft.com/en-us/answers/products/azure?product=all"
In the last 4 days, I have been directed to phone numbers, webchats, Twitter @azuresupport and back here to community support.
Unfortunately, all the channels I've tried do not seem to have a direct solution to the issue I raised.
Hi @JamesTran-MSFT
On the same topic, under these 2 scenarios, will you be able to advice the outcome:
1) If I reinstalled my existing Office (Home& Business) - would I be able to get my old admin account back?
2) If I installed a new Office (Home& Business)- would I be assigned a new admin account?
Hi,
I guess you are talking about restoring access to the Azure Directory? If yes then answer is Yes if the access is restored you will be able to access the same admin account. And if for some reason the access is not restored and you will have create a new tenant and it will be a new Admin Account.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
@EugeneG-438
Thank you for following up on this!
I'm not too familiar with installing/re-installing Office (Home & Business). However, I spoke to our engineering team and was told that the deletion of the last Global Admin within a tenant isn't a support operation. Because of this, would you be able to share your tenant ID so we can see take a look into what happened? Additionally, when you deleted your last admin user from
account.activedirectory.windowsazure.com, did you delete them directly from the portal UI? For more info - Delete a user.@Eugene G
Thank you for following up on this through our feedback channels, and I'm glad that you were able to resolve your issue after working directly with support!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Sign in to comment
Activity