Troubleshoot user creation and deletion issues in Microsoft Entra ID

This article outlines the methods in Microsoft Entra ID you can use to:

  • Create a user.
  • Delete a user.
  • Create users in bulk.


Methods for user creation and deletion

Microsoft Entra ID has many methods for creating and deleting users, such as:

These methods refer to users who are created directly in Microsoft Entra ID. The article doesn't cover users who are created elsewhere and then synced to Microsoft Entra ID or business-to-business scenarios.

Create a user

Select a method to create a user in Microsoft Entra ID.

To add a new user in the Azure portal:

  1. In the Azure portal, sign in as a Global Administrator or a User Administrator.

  2. Search for and select Microsoft Entra ID.

  3. Select Users, and then select New user.

  4. On the User page, enter the user's Name, User name, Groups, Directory role, and Job info.

  5. Copy the autogenerated password provided in the Password box. You'll need to give this password to the user to sign in for the first time.

  6. Select Create.

For more information, see Add or delete users - Microsoft Entra ID.

Delete a user

Select a method to delete a user in Microsoft Entra ID.

To delete a user in the Azure portal:

  1. In the Azure portal, sign in as a Global Administrator or a User Administrator.

  2. Search for and select Microsoft Entra ID.

  3. Select Users.

  4. Search for and select the user you want to delete from your Microsoft Entra tenant (for example, Mary Parker).

  5. Select Delete user.

The user is deleted and no longer appears on the Users - All users page. You can view the user on the Deleted users page for the next 30 days. You may also restore the deleted user during that time. For more information about restoring a user, see Restore or remove a recently deleted user using Microsoft Entra ID.

After you delete a user, any licenses that the user consumes are made available for other users.

Create users in bulk

For more information about creating or deleting users in bulk, see Bulk create users in Microsoft Entra ID.

Permissions required to manage users with a service principal

If you want to automate the creation and deletion of your Microsoft Entra users on Microsoft Graph, your application needs the following permissions:

For more information about who can manage each aspect of user management, see Least privileged roles by task in Microsoft Entra ID—Users.

Error messages and remediation actions

The following table lists common error messages that appear when you attempt to create or delete a user in Microsoft Entra ID, and describes the proper remediation action for each. The error messages are as shown for the Microsoft Graph REST API, Azure PowerShell, or Azure CLI. Similar but briefer error messages are shown in the Azure portal, and the remedial actions are identical.

Error message: Another object with the same value for property userPrincipalName already exists.
Action: Make the user principal name (UPN) unique. This error occurs when the administrator attempts to create a user with an existing user name in Microsoft Entra ID. For more information, see User name policies.

Error message: Insufficient privileges to complete the operation.
Action: Find a Global Administrator or a User Administrator to add or delete the user. This error occurs when the security principal tries to create or delete users, but doesn't have the needed permissions. A Global admin can create or delete any user, including other admins. A User admin can create users and delete any non-admin users, Helpdesk administrators, and other User admins.

Error message: Property userPrincipalName is invalid.
Action: See User name policies for a list of allowed and disallowed characters. This error occurs when you create a new user with unacceptable characters in the UPN. The user name and email address properties also can't contain accent characters.

Error message: The specified password does not comply with password complexity requirements. Please provide a different password.
Action: Avoid using a password that:

Error message: The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.
Action: Make sure the domain you're using to create the user is on the list of verified domains in the Microsoft Entra admin center. The status of the domain needs to be Verified. If you've verified the domain status, see whether the domain is Federated (has a checkmark) or Managed (doesn't have a checkmark). You can only create users in Microsoft Entra ID for managed domains. For federated domains, you must create the user on the identity provider (IdP), and then sync to Microsoft Entra ID. You can't assign a federated domain to a user.
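The checks from the error table can be run as a pre-flight step before an automated create or delete call. The following is an added example, not Microsoft's code: the tenant data, the function names, and the order in which the checks run are assumptions made for illustration.

```python
# Added example: constructed tenant state; a real check would read it from the directory.
DOMAINS = {  # domain -> (verified, federated)
    "contoso.example": (True, False),
    "fed.contoso.example": (True, True),
    "pending.contoso.example": (False, False),
}
EXISTING_UPNS = {"mary.parker@contoso.example"}

# Error strings copied from the table above.
ERR_DUPLICATE = "Another object with the same value for property userPrincipalName already exists."
ERR_PRIVILEGE = "Insufficient privileges to complete the operation."
ERR_INVALID = "Property userPrincipalName is invalid."
ERR_DOMAIN = ("The domain portion of the userPrincipalName property is invalid. "
              "You must use one of the verified domain names in your organization.")

MANAGERS = {"Global Administrator", "User Administrator"}
# Targets a User Administrator may delete: non-admins (None), Helpdesk and User admins.
USER_ADMIN_TARGETS = {None, "Helpdesk Administrator", "User Administrator"}


def check_create(upn, actor_role):
    """Return (error, action) for the first table row that applies, else None."""
    if actor_role not in MANAGERS:
        return ERR_PRIVILEGE, "have a Global or User Administrator create the user"
    local, at, domain = upn.rpartition("@")
    # Assumption: non-ASCII stands in for the "accent characters" rule; the full
    # allowed-character list is in User name policies and is not checked here.
    if not at or not local or not upn.isascii():
        return ERR_INVALID, "remove disallowed characters from the UPN"
    verified, federated = DOMAINS.get(domain.lower(), (False, False))
    if not verified:
        return ERR_DOMAIN, "use a domain whose status is Verified"
    if federated:
        return ERR_DOMAIN, "create the user on the IdP and sync it"
    if upn.lower() in EXISTING_UPNS:  # assumption: UPN comparison ignores case
        return ERR_DUPLICATE, "make the UPN unique"
    return None


def check_delete(actor_role, target_role):
    """Return (error, action) if the actor may not delete the target, else None."""
    if actor_role == "Global Administrator":
        return None
    if actor_role == "User Administrator" and target_role in USER_ADMIN_TARGETS:
        return None
    return ERR_PRIVILEGE, "use an account whose role covers this target"
```

Password complexity is not checked because the page does not list the rules.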

Directory quotas

For the Free edition of Microsoft Entra ID, you can create a maximum of 50,000 Microsoft Entra resources in a single tenant by default. If you use at least one verified domain, the default Microsoft Entra service quota for your organization is extended to 300,000 Microsoft Entra resources. For organizations that are created by self-service sign-up, the Microsoft Entra service quota remains 50,000 Microsoft Entra resources. This limit applies even if you made an internal admin takeover and converted the organization to a managed tenant with one or more verified domains. This service limit is unrelated to the pricing tier limit of 500,000 resources on the Microsoft Entra pricing page. To go beyond the default quota, you must contact Microsoft Support.

For more information, see Microsoft Entra service limits and restrictions.
