Walkthrough of Deleting an Azure AD Tenant
This is a quick walkthrough of deleting an Azure AD Tenant. There are some cases where you cannot delete the tenant from the Azure Portal straight away, and I will walk you through a common scenario.
Usually, you navigate to the Portal, select your Azure Active Directory (AAD) tenant, and try to delete it using the taskpane “Delete” functionality:
But, many times, you will receive an error stating you cannot delete the tenant, because you have one or more applications that are still hanging around:
So, how do we rectify this? Well, first step, you will need to create a new OrgID (Work or School account) in the directory you are trying to delete, to perform these next cleanup actions. The user you create should have Global Admin perms. Below I will create the user “Delete Me”, in the target AAD tenant I’m attempting to delete:
You will need to copy the created user account’s temporary password, and then login and change this account’s password first, in order to continue:
Next, I recommend opening an Internet Explorer InPrivate session and going to https://manage.windowsazure.com. Log in with the created user account’s temporary password. You will be prompted to change the password, so go ahead and do so. Once that is done, you will be redirected to a page which states you do not have any Azure subscriptions active:
At this juncture, you will need your friendly neighborhood PowerShell, with the Azure Active Directory (MSOnline) Module cmdlets installed.
If this is your first time installing them, then first install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW from the Microsoft Download Center. Then install the Azure Active Directory Module for Windows PowerShell (64-bit version), and click Run to run the installer package.
Open up your PowerShell Command Prompt, and/or Powershell_ISE IDE, and import the module.
You will need to connect to your tenant first, using the administrative user account you created (“Delete Me” in my case):
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred
You should now be able to list all the current application SPs in a directory:
Get-MsolServicePrincipal | Select DisplayName
Now, delete all non-required apps in the tenant directory. This should make it possible to delete the AAD directory.
Get-MsolServicePrincipal | Remove-MsolServicePrincipal
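A more cautious form of the bulk removal above, as an added example that is not part of the original walkthrough: it confirms which directory the session is connected to, saves an inventory of the service principals, and then removes them one at a time so that any failure is reported per principal. The tenant display name and the CSV path are hypothetical values to replace with your own.

```powershell
# Assumes Connect-MsolService has already succeeded in this session.
# $expectedTenant and $inventoryPath are hypothetical values; set them for your tenant.
$expectedTenant = 'Contoso Test Directory'
$inventoryPath  = Join-Path $env:TEMP 'aad-service-principals.csv'

# Guard: stop if the session is connected to a different directory than intended.
$company = Get-MsolCompanyInformation
if ($company.DisplayName -ne $expectedTenant) {
    throw "Connected to '$($company.DisplayName)', expected '$expectedTenant'."
}

# Record every service principal before anything is removed.
$principals = @(Get-MsolServicePrincipal -All)
$principals |
    Select-Object DisplayName, ObjectId, AppPrincipalId, AccountEnabled |
    Export-Csv -Path $inventoryPath -NoTypeInformation

# Remove one at a time so a failure on one principal does not hide the rest.
$results = foreach ($sp in $principals) {
    try {
        Remove-MsolServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
        [pscustomobject]@{ DisplayName = $sp.DisplayName; Removed = $true; Error = $null }
    }
    catch {
        [pscustomobject]@{ DisplayName = $sp.DisplayName; Removed = $false; Error = $_.Exception.Message }
    }
}

# Principals that could not be removed, with the reason.
$results | Where-Object { -not $_.Removed } | Format-Table DisplayName, Error -AutoSize
```

The saved CSV is the record of what existed in the directory before cleanup, which is useful if an application later turns out to have been needed.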
Note: Once I completed this step, here’s what I have left when listing again all the current application SPs in the directory using Get-MsolServicePrincipal | Select DisplayName:
Now that you are done, you will have to delete your user in AAD first, before deleting the Directory, or you will get a message saying you cannot delete the directory, because you have one or more users. (Make sure all users except the primary administrator of the AAD tenant have been removed):
Also, if you have AD Premium enabled, you must remove your Premium subscription, or you will not be able to delete your Directory Tenant. The error you receive will state that your “Directory has one or more subscriptions to Microsoft Online Services.”
To remove your Premium subscription, navigate to your Directory Tenant’s Licenses area and remove the Premium subscription.
You should now be able to delete your directory successfully.
That’s it! Hopefully you found this walkthrough useful!