Is there an automatic (script or similar) way of removing account subscription from Azure DevOps when an account is removed from the company AD? Today this is a manual effort in our company and not very effective.
Please check whether my answer can help you. If not, could you please let me know where you want to remove account subscriptions. Account subscriptions may be on Service Connections, Billings, etc. – Jane Ma-MSFT Oct 13 '20 at 03:13
Sorry for not being clear in my description. I did not mean subscriptions, rather remove user in the AzDO organizations when removed from AD. – user3440473 Oct 14 '20 at 08:41
2 Answers
If you want to delete service connections of subscriptions, you can use some REST APIs.
Step 1: Get the project id where you want to delete connections:
GET https://dev.azure.com/{organization}/_apis/projects/{projectName}?api-version=6.1-preview.4
Step 2: Get a list of service connection ids in the project: Endpoints - Get Service Endpoints list:
GET https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?api-version=6.1-preview.4
Or you can get a specific service connection id by its name: Endpoints - Get Service Endpoints By Names:
GET https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints?endpointNames={endpointNames}&api-version=6.1-preview.4
Step 3: Delete service connections: Endpoints - Delete:
DELETE https://dev.azure.com/{organization}/_apis/serviceendpoint/endpoints/{endpointId}?projectIds={projectIds}&api-version=6.1-preview.4
Multiple service connections can be quickly deleted by using the service connection id as the {endpointId} and repeating this REST API.

Thanks, this partly answers my questions. In the best of worlds I would however like the account to be removed from the AzDO organisation (automatically) when removed from AD. Using a group rule, for example, does not remove the users from the organization.
It would also be OK to have a script that checks if a user is part of AD and then removes them from the AzDO organization if not available in the AD.

As you said, I think the script can solve this problem in general. Use scripts to get user names for all users in the AAD and organization, then write a simple program to find users that are in the organization but not in the AAD. Finally, use REST API [Update User Entitlement](https://learn.microsoft.com/en-us/rest/api/azure/devops/memberentitlementmanagement/user%20entitlements/update%20user%20entitlement?view=azure-devops-rest-6.0) to bulk remove them. – Jane Ma-MSFT Oct 14 '20 at 09:24
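
The reconciliation step suggested in the comment above, as an added example (not code from the thread or from Microsoft): it compares the two user listings and returns a dry-run removal plan. The record shapes (`userPrincipalName`, `accountEnabled`, `user.principalName`, `user.origin`) are assumptions about what the directory and organization listings return, the sample data is constructed, and the disabled-account option and the removal threshold go beyond what the thread describes.

```python
"""Dry-run reconciliation: Azure DevOps members with no matching directory account."""

# Constructed sample data. Field names are assumptions about the shape of the
# directory user listing and the Azure DevOps user-entitlement listing.
DIRECTORY_USERS = [
    {"userPrincipalName": "Alice@contoso.example", "accountEnabled": True},
    {"userPrincipalName": "bob@contoso.example", "accountEnabled": False},
]
ORG_ENTITLEMENTS = [
    {"id": "e-001", "user": {"principalName": "alice@contoso.example", "origin": "aad"}},
    {"id": "e-002", "user": {"principalName": "bob@contoso.example", "origin": "aad"}},
    {"id": "e-003", "user": {"principalName": "carol@contoso.example", "origin": "aad"}},
    {"id": "e-004", "user": {"principalName": "dave@outlook.example", "origin": "msa"}},
]


def find_orphans(directory_users, entitlements, treat_disabled_as_removed=False,
                 max_removal_ratio=0.5):
    """Return (to_remove, skipped) lists of entitlement records."""
    if not directory_users:
        # An empty directory listing almost always means a failed or
        # unauthorized query, not that every account was deleted.
        raise ValueError("directory listing is empty; refusing to plan removals")
    active = {
        u["userPrincipalName"].casefold()
        for u in directory_users
        if u.get("accountEnabled", True) or not treat_disabled_as_removed
    }
    to_remove, skipped = [], []
    for ent in entitlements:
        user = ent.get("user") or {}
        upn = (user.get("principalName") or "").casefold()
        origin = (user.get("origin") or "").casefold()
        if origin != "aad" or not upn:
            skipped.append(ent)  # not directory-backed: leave for manual review
        elif upn not in active:
            to_remove.append(ent)
    # Guard against a partial directory fetch wiping out most of the organization.
    if entitlements and len(to_remove) / len(entitlements) > max_removal_ratio:
        raise RuntimeError("removal plan exceeds safety threshold; review manually")
    return to_remove, skipped


if __name__ == "__main__":
    remove, skipped = find_orphans(DIRECTORY_USERS, ORG_ENTITLEMENTS)
    for ent in remove:
        print("would remove", ent["id"], ent["user"]["principalName"])
    for ent in skipped:
        print("manual review", ent["id"], ent["user"].get("principalName"))
```

The returned entitlement ids are what a removal call against the organization would take; logging the plan before acting on it keeps an audit trail of each deprovisioning run.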