0

I found this article

but using the PS is not possible for me: I am not able to connect to Azure this way with my user (the PowerShell login with the .de domain does not work) - Thank u MS! Now I have no idea anymore how to remove the directory.

Can you help me, please?

Greetings, Ulrich

3 Answers

1

Step 1: Connecting to Azure via PowerShell

MSOnline seems to be deprecated:

Now I installed `Install-Module AzureAD`

The login works fine.

0

Are you connecting to the Germany cloud? If so, you need to specify `-AzureEnvironment AzureGermanyCloud`.

https://learn.microsoft.com/en-us/powershell/module/msonline/connect-msolservice?view=azureadps-1.0

Ken W - Zero Networks
  • Hello Ken, it seems to be a problem with login-formula: I typed "yyy@xxx.de", but the error message is: "xxx.de" befindet sich nicht in unserem System. Stellen Sie sicher, dass Sie Ihre E-Mail-Adresse richtig eingegeben haben. Das Format lautet üblicherweise "jemand@example.com" oder "jemand@example.onmicrosoft.com". Thank you for the link. I tried, but it is the same problem... –  Mar 11 '19 at 11:07
  • I also tried this script:

    ```powershell
    $User = "yyy@xxx.de"
    $Password = "***"
    $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
    $msolcred = New-Object -TypeName System.Management.Automation.PSCredential ($User,$SecurePassword)
    connect-msolservice -credential $msolcred -AzureEnvironment AzureGermanyCloud
    ```

    Result is the same: No success...

    ```
    connect-msolservice : Authentication Error: Bad username or password.
    In Zeile:5 Zeichen:1
    ```

    –  Mar 11 '19 at 11:19
  • 
    ```
    PS C:\WINDOWS\system32> $PSVersionTable.PSVersion

    Major  Minor  Build  Revision
    -----  -----  -----  --------
    5      1      17134  590
    ```

    –  Mar 11 '19 at 11:23
  • The first message is saying the yyy@xxx.de is not found in the system. Are you a Global Admin for the AAD? Do you know the AAD tenant name? That would allow you to try the "jemand@example.onmicrosoft.com" username and possibly reset the password (if you set up an email or SMS phone number). – Ken W - Zero Networks Mar 11 '19 at 12:23
  • Hello Ken, thanks for your answer :-) Yes, I am the global admin. There is a misunderstanding: I typed "yyy@xxx.de" but the login error message was (translation) "xxx.de is not in our system...". So perhaps the prefix and the "@" are not recognized by the login form field... The pw is copy & paste from a password safe, and I tried about 10-15 times, so I think it can be excluded as an error source... Also, the credentials are fine for logging in to the Azure portal website. –  Mar 11 '19 at 13:55
  • Can you try to use Fiddler to see if it's trying to log on to `https://login.microsoftonline.de` or `https://login.microsoftonline.com`? – Ken W - Zero Networks Mar 11 '19 at 13:55
  • POST https://login.microsoftonline.de/common/GetCredentialType?mkt=de-DE HTTP/1.1 Response:{"Username":"xxx@yyy.de","Display":"xxxx@yyy.de","IfExistsResult":1,"ThrottleStatus":1,"Credentials":{"PrefCredential":1,"HasPassword":true,"RemoteNgcParams":null,"FidoParams":null,"SasParams":null},"EstsProperties":{"DomainType":1}," –  Mar 11 '19 at 14:48
  • Good idea, Ken: The portal website login uses "login.microsoftonline.com", so I tried in PowerShell: `connect-msolservice -AzureEnvironment AzureCloud`. Now it uses "login.microsoft.com" too, but the error still remains –  Mar 11 '19 at 14:59
  • Is MFA enabled? If so, take a look at https://supertekboy.com/2018/11/07/connect-msolservice-may-fail-when-mfa-is-enabled/ – Ken W - Zero Networks Mar 11 '19 at 15:30
  • I followed the instructions:

    ```
    PS C:\WINDOWS\system32> find-module -name MSOnline

    Version     Name      Repository  Description
    -------     ----      ----------  -----------
    1.1.183.17  MSOnline  PSGallery   Microsoft Azure Active Directory Module for Wind...
    ```

    --> No success –  Mar 11 '19 at 17:29
  • PS-Error:

    ```
    connect-msolservice : Authentication Error: Unexpected authentication failure.
    In Zeile:1 Zeichen:1
    + connect-msolservice -AzureEnvironment AzureCloud
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], Exception
        + FullyQualifiedErrorId : System.Exception,Microsoft.Online.Administration.Automation.ConnectMsolService
    ```

    –  Mar 11 '19 at 17:34
  • If you have support, you will want to open a ticket. I suspect since you are here, you do not. Hopefully someone from else can chime in. – Ken W - Zero Networks Mar 11 '19 at 17:50
  • Hello Ken, I think I have solved the problem. Thank you very much for your help! Now I will post some links I found that are very helpful, then I will close this task. Greetings, Ulrich –  Mar 11 '19 at 19:06
0

Step 2: Deleting the tenant

Authenticating with Azure Active Directory on PowerShell

AzureAD-Commands

a) connect-AzureAD -tenantid <your-tenant-id>

Azure Active Directory --> Properties --> Directory ID

b) Get-AzureADApplication --> (+)

For every Application:

Remove-AzureADApplication -objectid <your-application-id> --> (+)

then:

Remove-AzureADServicePrincipal -ObjectId <your-enterprise-application-id>

Azure Active Directory --> Delete Directory --> Enterprise Applications

For every Enterprise Application: Click on row --> copy Object ID = <your-enterprise-application-id>

c) In my case I was able to delete the directories (tenants) after a) and b)
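
Steps a) and b) of this answer combined into one script, as an added example that is not part of the original answer. The function name `Remove-TenantAppObjects` and its parameters are hypothetical; the script assumes the AzureAD module is installed and that objects which cannot be deleted should be reported rather than abort the run.

```powershell
# Added example (not from the original answer). Requires: Install-Module AzureAD
function Remove-TenantAppObjects {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$TenantId,                    # Directory ID from the portal (step a)
        [string]$Environment = 'AzureCloud'   # e.g. AzureGermanyCloud for the German cloud
    )

    # Step a) interactive sign-in, pinned to the directory that is to be deleted
    Connect-AzureAD -TenantId $TenantId -AzureEnvironmentName $Environment | Out-Null

    # Guard: refuse to continue if the session landed in a different directory
    $connected = (Get-AzureADTenantDetail).ObjectId
    if ("$connected" -ne $TenantId) {
        throw "Connected to tenant $connected, expected $TenantId"
    }

    $failed = @()

    # Step b) application registrations first, then enterprise applications
    foreach ($kind in 'Application', 'ServicePrincipal') {
        $objects = if ($kind -eq 'Application') {
            Get-AzureADApplication -All $true
        } else {
            Get-AzureADServicePrincipal -All $true
        }

        foreach ($o in $objects) {
            $target = "$kind '$($o.DisplayName)' [$($o.ObjectId)]"
            if (-not $PSCmdlet.ShouldProcess($target, 'Remove')) { continue }
            try {
                if ($kind -eq 'Application') {
                    Remove-AzureADApplication -ObjectId $o.ObjectId -ErrorAction Stop
                } else {
                    Remove-AzureADServicePrincipal -ObjectId $o.ObjectId -ErrorAction Stop
                }
            } catch {
                # Collect the failure and keep going with the remaining objects
                $failed += [pscustomobject]@{ Kind = $kind; Name = $o.DisplayName
                    ObjectId = $o.ObjectId; Error = $_.Exception.Message }
            }
        }
    }
    $failed   # objects that are still present and may block "Delete directory"
}

# Dry run first: lists every object that would be removed, deletes nothing
# Remove-TenantAppObjects -TenantId '<your-tenant-id>' -WhatIf
```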