Partager via


How to delete an Azure Active Directory connected to Microsoft Online Services

tl;dr

You are unable to delete an Azure Active Directory (AAD) with error message: "Directory has one or more subscriptions to Microsoft Online Services." In that case it is not possible to delete the directory through the Azure Management Portal. There are two options: a) (a workaround) disconnect the AAD from your account and b) contact support and let the associated domain deleted (not an easy process).

What's the problem?

In my job role as Technical Evangelist for Microsoft Azure I demonstrate Azure a lot and create a lot of AADs, of course in combination with Azure Active Directory Premium. And that's the reason why I can't delete my directories.

If you try, you get the following error message:

2016-01-22 Delete Directory Error Message

If you have one of the following subscriptions connected to your AAD, then you cannot delete the AAD through the Azure Management Portal.

  • Office 365
  • Intune
  • Dynamics
  • Azure Rights Management
  • Azure Active Directory Premium

What's the solution?

As stated in the KB article 2967860 (You can’t delete a directory through the Azure Management Portal) you have to call the support. The reason is, with your AAD is connected a sub domain XXX.onmicrosoft.com. And that is not an easy task to delete that sub domain. If you really need that sub domain delete you have to contact the support.

There is an easy workaround if you just want the AAD disconnected from your account.

  1. Create a new user in your AAD with global admin rights.
  2. Log in at https://portal.office.com with the newly created user account and switch into configuration to the active users. In that list remove your account that you usually use to log in to Azure Management Portal.
  3. That’s it! Of course the sub domain still exists.
  4. Tip: If you want for any chance access again to that AAD save the credentials from step 1.

Step-by-Step

So, you have your list of AADs. If I want to delete an AAD, I get the error message you see above and below.

2016-01-22 Delete Directory Error Message

First, create a new user with global admin rights.

2016-01-22 New User - 6fps

Next, you have to change the initial password of this new user. Generally, you can use whatever site uses an AAD login. I prefer to use myapps.microsoft.com.

2016-01-22 Change Password - 3fps

Next, you go to portal.office.com and login via the newly created user. There, you switch to active users and delete your user account which you use for your Azure login. In my case it is my company account from Microsoft. In your case it could be your company account or some other Microsoft account (former Live ID). You typically recognize this account because it has #EXT# string in it.

2016-01-22 Office Portal - Active Users - 3fps

Finally, you can check back in the Azure Management Portal if you have successfully disconnected your login from the AAD by refreshing the portal.

2016-01-22 AAD reload - 10fps

Things to consider

  1. If you want for any chance access again to that AAD save the credentials from the newly created user. In my case this was the Delete Me user.
  2. The sub domain XXX.onmicrosoft.com still exists and is not deleted. If you want this sub domain delete, you really have to contact support.
  3. As stated in the Azure Directory Limits one single user can only be associated to 20 AADs. If demonstrate AAD a lot like me, you should have a plan.
    1. You can disconnect your user account as described in this article.
    2. You could create an Azure trial account with a new Microsoft account for each demonstration.

Similar Problems

If you have the error message that you cannot delete the AAD because of one or more existing applications, there is a good blog post by Eric Golpe: Walkthrough of Deleting an Azure AD Tenant

The exact error message for that problem would be:

The following issue(s) prevent deletion of this directory:
Directory contains one or more applications that were added by a user or administrator.

About this article

In this article I experimented to use animated GIFs instead of static images. The advantage is that it should be easier to follow the steps. Disadvantage is clearly the flurry on the page. Let me know what do you think in the comments.

Comments

  • Anonymous
    August 15, 2016
    Great article - helped a lot!
  • Anonymous
    September 21, 2016
    Great Article..!! Succesfull solutions...
  • Anonymous
    September 26, 2016
    Hi Great ArticleThe instructions don't work if the subscription in Azure Rights Managements - i spent an hour with support and we still haven't managed to fix...
  • Anonymous
    November 29, 2016
    I started an Azure sync test-scenario. I deleted almost everything. Now I can not even find an option to get rid of this dirty Azure Sync. Especially the warning mail, "can't sync..." is Spam! I'll never use a such an annoying, permanently stressing to continue using the product application. Sorry, keep your dirty Azure and I'll set Microsoft to Spam senders.
  • Anonymous
    February 23, 2017
    Righto mate, this worked first time after many attempts using other techniques. Cheers!