Permanently delete an item (directory object)

Namespace: microsoft.graph

Permanently delete a recently deleted application, group, servicePrincipal, or user object from deleted items. After an item is permanently deleted, it cannot be restored.

Administrative units cannot be permanently deleted by using the deletedItems API. Soft-deleted administrative units will be permanently deleted 30 days after initial deletion unless they are restored.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

For applications and service principals:

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	Application.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	Application.ReadWrite.OwnedBy, Application.ReadWrite.All

The calling user must be the owner of the application or the calling app must be assigned one of the following Azure AD roles:

• Global Administrator
• Application Administrator
• Cloud Application Administrator
• Hybrid Identity Administrator

For users:

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	User.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	Not supported.

The signed-in user needs to have one of the following roles: Global Administrator or User Administrator.

For groups:

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	Group.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	Not supported.

The requestor needs to have one of the following roles: Global Administrator or Groups Administrator.

HTTP request

DELETE /directory/deletedItems/{id}

Request headers

Name	Description
Authorization	Bearer <code> Required
Accept	application/json

Request body

Do not supply a request body for this method.

Response

If successful, this method returns 204 No Content response code. It does not return anything in the response body.

Example

Request

HTTP

DELETE https://graph.microsoft.com/v1.0/directory/deletedItems/{object-id}

C#

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

await graphClient.Directory.DeletedItems["{directoryObject-id}"]
	.Request()
	.DeleteAsync();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/directory/deletedItems/{object-id}')
	.delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

graphClient.directory().deletedItems("{object-id}")
	.buildRequest()
	.delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)


graphClient.Directory().DeletedItemsById("directoryObject-id").Delete(context.Background(), nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Identity.DirectoryManagement

Remove-MgDirectoryDeletedItem -DirectoryObjectId $directoryObjectId

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);


$graphServiceClient->directory()->deletedItemsById('directoryObject-id')->delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 204 No Content