How to Delete Users From Azure AD After the AD Connect Instance Has Been Deleted

By Jack Bumgarner

I encountered this issue while working on the Windows and Office Deployment Lab Kit; however, it may be useful to others who come across this issue elsewhere.

In my case, I had started the deployment lab just before it was set to expire on 6/16/19. I had configured my lab using AD Connect to hybrid join the objects in my on-premises Active Directory to Azure AD.

Unfortunately, after this point I realized that the lab had expired and that it would be best to start again using the new, up-to-date lab, which is set to expire on 8/27/19, to give myself more room to complete it.

Using the same tenant, I began the lab again but soon realized I had not broken the connection between Azure AD and the old Active Directory created in the first lab. This meant that the old instance of Azure AD Connect was deleted. This resulted in duplicated objects when the new lab's Active Directory was synced using AD Connect on DC1, with no way to remove these objects (or so I thought).

This sent me on a search for a way to break this link and update my Azure AD to contain only objects from the new lab. The following steps are the solution I arrived at after quite a bit of searching.

  1. Connect to Azure AD with the MSOnline PowerShell module, signed in as a Global Administrator:

Connect-MsolService

  2. Query the groups present in Azure AD. This approach works when the objects you need to delete are all consolidated in the same groups, as they were in my case. The command returns a list of every group in your Azure AD:

Get-MsolGroup

  3. Replace EnterDisplayNameHere with the display name of the group you want to delete. Note that -SearchString matches every group whose display name starts with that string, and everything Get-MsolGroup returns is piped into Remove-MsolGroup, so run the Get-MsolGroup half on its own first and confirm it returns exactly the one group you intend. A confirmation message asks whether you want to delete the selected group; type "Y" and press Enter to confirm. Remember that deleting this group only affects the group in Azure AD, not in on-premises Active Directory.

Get-MsolGroup -SearchString "EnterDisplayNameHere" | Remove-MsolGroup

  4. Query Azure AD again to make sure the group is gone. The returned list should no longer include the group you deleted. Note that it may take a few minutes for the deletion to take effect:

Get-MsolGroup

After this step, the group objects are deleted from Azure AD, but they still exist in on-premises Active Directory. Be aware that deleting a group removes only the group object: its member user objects remain in Azure AD and, if they are also stale, must be deleted separately (for example with Remove-MsolUser). To add the groups back to Azure AD, run an Azure AD Connect sync once more.
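The four steps above, carried through as one script that also handles the stale user objects the group deletion leaves behind. This is an added example and is not the author's own script; the cutoff date (the old lab's expiry) and the group names in the param block are hypothetical placeholders you would replace with your own. It is a dry run unless -Commit is passed, and it filters on an exact DisplayName match because -SearchString alone matches any group whose name starts with the string.

```powershell
# Added example (not from the original post): remove stale synced groups and,
# separately, the stale synced users that deleting a group does not remove.
# Assumptions (hypothetical): the old lab's objects were last synced before
# $Cutoff, and $GroupNames lists the group display names to remove.
param(
    [datetime]$Cutoff = (Get-Date '2019-06-16'),
    [string[]]$GroupNames = @('Lab Users', 'Lab Admins'),
    [switch]$Commit   # without -Commit the script only reports what it would delete
)

Connect-MsolService   # prompts for a Global Administrator account

# Show whether the tenant still believes a sync server exists and when it last synced.
$company = Get-MsolCompanyInformation
"DirSync enabled: {0}; last sync: {1}" -f $company.DirectorySynchronizationEnabled, $company.LastDirSyncTime

# Groups: -SearchString matches display names that start with the string, so
# require an exact match and a last sync older than the cutoff before deleting.
$staleGroups = foreach ($name in $GroupNames) {
    Get-MsolGroup -SearchString $name -All |
        Where-Object { $_.DisplayName -eq $name -and $_.LastDirSyncTime -and $_.LastDirSyncTime -lt $Cutoff }
}

# Users: deleting a group leaves its members in place, so stale synced users are
# selected by their own LastDirSyncTime rather than by group membership.
$staleUsers = Get-MsolUser -All -Synchronized |
    Where-Object { $_.LastDirSyncTime -and $_.LastDirSyncTime -lt $Cutoff }

"Groups to delete: {0}" -f @($staleGroups).Count
$staleGroups | Select-Object DisplayName, ObjectId, LastDirSyncTime | Format-Table -AutoSize
"Users to delete: {0}" -f @($staleUsers).Count
$staleUsers | Select-Object UserPrincipalName, ObjectId, LastDirSyncTime | Format-Table -AutoSize

if (-not $Commit) {
    'Dry run only. Re-run with -Commit to delete the objects listed above.'
    return
}

foreach ($g in $staleGroups) {
    Remove-MsolGroup -ObjectId $g.ObjectId -Force
}
foreach ($u in $staleUsers) {
    # -RemoveFromRecycleBin is deliberately omitted so a mistaken deletion can be
    # undone with Restore-MsolUser during the 30-day soft-delete window.
    Remove-MsolUser -ObjectId $u.ObjectId -Force
}

# Verify: no synced user older than the cutoff should remain.
$remaining = Get-MsolUser -All -Synchronized |
    Where-Object { $_.LastDirSyncTime -and $_.LastDirSyncTime -lt $Cutoff }
"Remaining stale users: {0}" -f @($remaining).Count
```

Run it once without -Commit, read the two tables it prints, and only then re-run with -Commit. Deleted users can be recovered with Restore-MsolUser for 30 days because the script does not pass -RemoveFromRecycleBin; deleted security groups are not recoverable the same way, which is why the exact-name filter matters.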