In this post, I will explain how to remove users or groups from Azure AD that were synchronised into your tenant but were left behind after Azure AD Connect was removed. Because these objects are still marked as directory-synced, you cannot delete them from the Azure portal: the 'Delete' option is greyed out.
We need to use Azure AD PowerShell to make this work. First, install the PowerShell module from the PowerShell Gallery using an elevated console:

Install-Module -Name Az -AllowClobber

By default, the PowerShell Gallery isn't configured as a trusted repository for PowerShellGet, so the first time you use PSGallery you will see the following prompt:

Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"):

Answer Yes or Yes to All to install the module.
After the module is installed, connect to Azure with a browser sign-in token. This brings up the sign-in page for you to log in with your Azure credentials:

Connect-AzAccount
# Import the module
Import-Module Az

Delete AD Users

The command below exports the display names of all the Azure AD users to a .csv file:

Get-AzADUser | select DisplayName | Export-Csv C:\temp\azusers.csv -NoTypeInformation
Open the azusers.csv file and remove the Global Administrator account from the list; otherwise the next command would delete it along with everything else. Then run the command below to remove all the synced users from Azure AD:

Import-Csv C:\temp\azusers.csv | Remove-AzADUser -Force

Delete AD Groups

List all the Azure AD groups with:

Get-AzADGroup

Note the Object ID of each group. To delete the groups, use the command shown below.
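As an added example (not the post's own commands), the script below wraps the user and group deletions above in a dry-run-by-default form. It assumes the Az module and an existing Connect-AzAccount session, reads the azusers.csv exported above, and uses a placeholder group object ID that you replace with the IDs noted from Get-AzADGroup; because DisplayName is not unique in Azure AD, rows matching more than one user are skipped rather than guessed, and the signed-in administrator is skipped automatically.

```powershell
# Added example, not from the original post. Assumes the Az module is installed,
# Connect-AzAccount has been run, and C:\temp\azusers.csv holds a DisplayName column
# as exported above. $GroupIdsToDelete holds a placeholder object ID; replace it with
# the IDs noted from Get-AzADGroup. Nothing is deleted unless -Commit is given.
param(
    [string]$CsvPath = 'C:\temp\azusers.csv',
    [string[]]$GroupIdsToDelete = @('00000000-0000-0000-0000-000000000000'),  # placeholder
    [switch]$Commit
)

$ctx = Get-AzContext
if (-not $ctx) { throw 'Not signed in. Run Connect-AzAccount first.' }
$me = $ctx.Account.Id              # UPN of the signed-in admin; never delete this account
$sp = @{ WhatIf = -not $Commit }   # splatted onto Remove-*: -WhatIf:$true until -Commit

# The object ID property is Id in Az.Resources 5+ and ObjectId in older releases.
function Get-ObjId($obj) {
    if ($obj.PSObject.Properties['Id']) { $obj.Id } else { $obj.ObjectId }
}

foreach ($row in Import-Csv $CsvPath) {
    $name = $row.DisplayName
    if ([string]::IsNullOrWhiteSpace($name)) { continue }

    $found = @(Get-AzADUser -DisplayName $name)
    if ($found.Count -ne 1) {
        # DisplayName is not unique; refuse to guess which object the row meant.
        Write-Warning "Skipping '$name': $($found.Count) users match, resolve by ObjectId."
        continue
    }
    $u = $found[0]
    if ($u.UserPrincipalName -ieq $me) {
        Write-Warning "Skipping '$name': this is the signed-in administrator."
        continue
    }
    Remove-AzADUser -ObjectId (Get-ObjId $u) @sp
}

foreach ($gid in $GroupIdsToDelete) {
    Remove-AzADGroup -ObjectId $gid @sp
}
```

Run it once without -Commit and read the "What if:" lines, then re-run with -Commit to perform the deletions.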
Using the PowerShell method above, we can easily delete the synced users and groups.