Permanently delete an item (directory object)

Namespace: microsoft.graph

Permanently delete a recently deleted application, group, servicePrincipal, or user object from deleted items. After an item is permanently deleted, it cannot be restored.

Administrative units cannot be permanently deleted by using the deletedItems API. Soft-deleted administrative units will be permanently deleted 30 days after initial deletion unless they are restored.

Permissions

The following table shows the least privileged permission or permissions required to call this API on each supported resource type. Follow best practices to request least privileged permissions. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Supported resource	Delegated (work or school account)	Delegated (personal Microsoft account)	Application
application	Application.ReadWrite.All	Not supported.	Application.ReadWrite.OwnedBy
group	Group.ReadWrite.All	Not supported.	Not supported.
servicePrincipal	Application.ReadWrite.All	Not supported.	Application.ReadWrite.OwnedBy
user	User.ReadWrite.All	Not supported.	Not supported.

For delegated scenarios, the calling user needs to have one of the following Azure AD roles.

• To permanently delete deleted applications or service principals: Application Administrator, Cloud Application Administrator, or Hybrid Identity Administrator.
• To permanently delete deleted users: User Administrator.
• To permanently delete deleted groups: Groups Administrator.

HTTP request

DELETE /directory/deletedItems/{id}

Request headers

Name	Description
Authorization	Bearer <code> Required
Accept	application/json

Request body

Do not supply a request body for this method.

Response

If successful, this method returns 204 No Content response code. It does not return anything in the response body.

Example

Request

HTTP

DELETE https://graph.microsoft.com/v1.0/directory/deletedItems/{object-id}

C#

var graphClient = new GraphServiceClient(requestAdapter);

await graphClient.Directory.DeletedItems["{directoryObject-id}"].DeleteAsync();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/directory/deletedItems/{object-id}')
	.delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

graphClient.directory().deletedItems("{object-id}")
	.buildRequest()
	.delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



graphClient.Directory().DeletedItemsById("directoryObject-id").Delete(context.Background(), nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Identity.DirectoryManagement

Remove-MgDirectoryDeletedItem -DirectoryObjectId $directoryObjectId

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);


$graphServiceClient->directory()->deletedItemsById('directoryObject-id')->delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 204 No Content