KevinM-5276 asked

Can't Delete Groups in Azure AD

I am on a trial account. I created a custom domain and set up AD sync connector and imported all users and groups. A last-minute change was given to me to change the custom domain from .com to .org, so I was going through to remove the .com, which has the users and groups associated with it. I was able to remove all the users in question, but the groups do not give me the ability to edit them. It's as if they are orphaned objects, and since this is a trial account I am unsure how to get around this issue.

Any advice would be helpful.

Tags: azure-active-directory, azure-ad-group-management

Hi @

In order to help you, we require more information.

Are you still using Azure AD Connect?

Share a screenshot of the configuration of one of these groups; specifically, we need to know if their source is Cloud or Windows Server AD.

Getting that information may help you (and the community) to understand the current situation.

Carlos Solís Salazar


NOTE: To answer you as quickly as possible, please mention me in your reply.




Carlos Solís Salazar:

The source for all of these is Windows Server AD. I have already removed Azure AD Connect so that it could not have any writeback to the on-prem domain.

195637-group.jpg



Hi

Did you try to delete it from PS terminal?

Remove-AzureADMSDeletedDirectoryObject


BR,


Progress from my own research. Security Groups can be done from the shell command just fine: az ad group delete --group 'Group Name'
Distribution Groups on the other hand give the error: "Cannot Delete a mail-enabled security groups and or distribution list." I will update when I determine a fix for these if I do not get any response in advance.


Can't add an owner to the mail-enabled security groups and distribution lists either: az ad group owner add --group <ID> --owner-object-id <ID>
Cannot Update a mail-enabled security groups and or distribution list.


@KevinM-5276

Well, I would say that you can also try it from the Office admin center.

1 Answer

KevinM-5276 answered

Ok, I way overcomplicated this:

  1. Reinstalled Azure AD Connect.

  2. Synced all items again to get things to where they were.

  3. Created a blank OU.

  4. Pointed sync to only sync that one OU.

  5. The rest vanished on sync.

Much cleaner and efficient. Should have known to do that in the first place.
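
The steps in the answer above, sketched in PowerShell as an added example (not part of the original post). The OU name and domain DN are placeholders, and the OU filter itself is still set in the Azure AD Connect wizard; the last part checks from the cloud side that no directory-synced groups are left behind.

```powershell
# Added example; 'AADSync-Empty' and 'DC=example,DC=org' are assumed placeholder values.

# --- Part 1: on the Azure AD Connect server (ActiveDirectory + ADSync modules) ---
Import-Module ActiveDirectory
Import-Module ADSync

$ouName   = 'AADSync-Empty'        # hypothetical name for the blank OU
$domainDn = 'DC=example,DC=org'    # placeholder: your on-prem domain DN

# Step 3: create the blank OU only if it is not already there.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
                -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# Step 4 is done in the Azure AD Connect wizard:
#   "Customize synchronization options" > "Domain and OU filtering",
#   leaving only the blank OU selected.

# Step 5: run a full cycle so out-of-scope objects are exported as deletes.
# If the number of deletes exceeds the accidental-delete prevention threshold
# (500 objects by default), the export stops until that is reviewed.
Start-ADSyncSyncCycle -PolicyType Initial

# --- Part 2: from an admin workstation with the AzureAD module ---
Connect-AzureAD

# Any group still flagged as directory-synced was not cleaned up by the sync.
$leftover = @(Get-AzureADGroup -All $true |
              Where-Object { $_.DirSyncEnabled -eq $true })

$leftover |
    Select-Object DisplayName, MailEnabled, SecurityEnabled, LastDirSyncTime |
    Format-Table -AutoSize

'{0} directory-synced group(s) remain in the tenant.' -f $leftover.Count
```

Deletions can take one or more sync cycles to show up in the tenant, so re-run Part 2 after the cycle has finished.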
