I’ve recently added a cool feature on http://alexmang.ro, namely subscriptions. If you like my writing or ever stumbled upon one of my articles via your favorite search engine (Bing!, of course), why not automatically get notified when I post anything new?

Blog subscription

Blog subscriptions work by simply typing your e-mail address into the ‘insert e-mail here‘ text box in the right column and clicking the ‘Keep me posted!‘ button. After subscribing, you’ll get an e-mail from donotreply@wordpress.com whenever I publish a new blog post.

Happy coding!

No really, do YOU seriously believe your IT infrastructure is safe?

Renowned security expert Paula Januszkiewicz, specialized in Penetration Testing, Enterprise Security MVP and MCT, Microsoft Security Trusted Advisor and #1 speaker at premium IT conferences such as Microsoft Ignite, TechEd, RSA and more, will be in Romania for a 5-day hands-on security class in Bucharest, put together by Avaelgo Training.

Between the 17th and 21st of August, Paula will host the Windows Infrastructure Masterclass, which aims to build specialization in hacking and securing IT infrastructures. This course is especially designed for enterprise administrators, infrastructure architects, security professionals, system engineers, network administrators, IT professionals and security consultants. As an added benefit, attendees will become Certified Security Engineers (CSEN).

Therefore, if you have your feet on the ground and realize that you MUST know more about security, this course is a must-attend and you’d better make sure you have your agenda free between August 17 and 21.

One of the leading companies to provide in-depth analysis of emerging technologies and their impact on either individual or corporate environments, namely Gigaom Research, formed of over 200 independent analysts, has recently provided, after a thorough analysis of various PaaS cloud providers, a chart of score results against several disruptive vectors.

The way this works is by averaging scores given by their experts for key cloud provider capabilities, such as multi-cloud deployments, DevOps, mobile app development and more.

Guess what the result was! Microsoft Azure fronted the ‘wolf pack’, ‘edging out competitors including Amazon and Google’, as they stated in a recent announcement.

Every now and then when I try to delete an Azure Active Directory directory it just so happens that I get this funny ‘Directory contains one or more applications that were added by a user or administrator’ error message.



What’s so funny about it? Well, the simple fact that all the applications the message mentions seem, at least from the portal side, to be automatically created when the directory is set up. So what can the solution be?

As it turns out, the Azure Management Portal doesn’t actually list ALL the applications it creates when you set up a new directory. Not only that, but it also creates a few applications on your behalf (you, the administrator) when you create the directory service from within the Portal. In order to delete these AAD applications, you’re required to get your hands dirty and do some PowerShell scripting.

First, because Azure Active Directory is an upgrade from the former Microsoft Online Services identity service, please be aware that you might need to install a few additional tools on your computer, namely Microsoft Online Services Sign-In Assistant for IT Professionals RTW (that sounds so Microsoft :-)) and also the Azure Active Directory Module for Windows PowerShell – it’s preferable to install the 64-bit version of these tools, as the 32-bit version is discontinued at the time of this writing.

Once installed, go back to the Azure Management Portal and create a new organizational user within that particular directory (yes, I know, you need to have max. 1 identity within a directory to delete it, but you will still need an additional user IF your single AAD global admin is a Microsoft Account):


Make sure you mark the new user as a Global Admin and have an additional e-mail address handy, since Global Admins are required to provide a backup e-mail address in order to get automated e-mails from the system.

Since the New User dialog created a temporary password for this user, quickly go to http://portal.microsoftonline.com and log in using the new user you’ve just created. You will be prompted to change the temporary password.

Once you’ve done this, you can open up a new PowerShell console or PowerShell ISE window. Within PowerShell, run the following cmdlet in order to connect to the directory. When prompted, use the credentials of the user account you just created from within the Azure Management Portal.

Connect-MsolService

Next, you can use the following cmdlet to retrieve the list of applications which reside in that AAD directory.

Get-MsolServicePrincipal | Select DisplayName

This will return the list of applications which are currently installed in that AAD directory, and you’ll quickly realize that the list contains way more than just the two applications you see inside the Azure Management Portal:

  • Microsoft.Azure.ActiveDirectory
  • Microsoft.SMIT
  • Microsoft.Office365.Configure
  • Windows Azure Service Management API
  • Microsoft.SupportTicketSubmission
  • Microsoft.Azure.ActiveDirectoryUX
  • Microsoft.Azure.GraphExplorer
  • Microsoft.Azure.Portal
  • AzureApplicationInsights
  • Microsoft Policy Administration Service
  • Microsoft.VisualStudio.Online
  • SelfServicePasswordReset

In order to delete all these applications, you can go ahead and run the following cmdlet. Be aware though that not all applications can be deleted and that some deletions will end in an error different from the one shown within the PS console (nuts, right?) – ignore this.

Get-MsolServicePrincipal | Remove-MsolServicePrincipal

Afterwards, go back to the Azure Management Portal, delete the organizational user account you created earlier and then delete the entire directory.

Voila, worked like a charm!
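The PowerShell steps above, combined into one script as an added example (not part of the original post): it confirms which directory the session is connected to, saves an inventory of the service principals before anything is removed, and records which removals fail instead of letting the errors scroll past. The parameter names `InventoryPath` and `Remove` and the CSV file name are assumptions made for this example.

```powershell
# Added example: inventory, then remove, the service principals of a directory
# that is about to be deleted. Assumes the MSOnline module installed earlier.
param(
    # Hypothetical parameters, introduced for this example only
    [string]$InventoryPath = '.\service-principals-before-delete.csv',
    [switch]$Remove   # without this switch the script only reports
)

Import-Module MSOnline
Connect-MsolService   # sign in as the temporary organizational Global Admin

# Confirm which directory this session is bound to before doing anything destructive.
$company = Get-MsolCompanyInformation
Write-Host "Connected to directory: $($company.DisplayName)"

# -All avoids the default result limit; @() keeps a single result as an array.
$principals = @(Get-MsolServicePrincipal -All)

# Keep a record of what existed before the cleanup.
$principals |
    Select-Object DisplayName, ObjectId, AppPrincipalId, AccountEnabled |
    Export-Csv -Path $InventoryPath -NoTypeInformation

if (-not $Remove) {
    # Report-only mode: show what would be removed and stop.
    $principals | Sort-Object DisplayName | Format-Table DisplayName, AppPrincipalId
    return
}

# Remove one at a time so a failure on one principal is recorded, not fatal.
$results = foreach ($sp in $principals) {
    try {
        Remove-MsolServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
        [pscustomobject]@{ DisplayName = $sp.DisplayName; Removed = $true; Error = $null }
    }
    catch {
        [pscustomobject]@{ DisplayName = $sp.DisplayName; Removed = $false; Error = $_.Exception.Message }
    }
}

# Principals that could not be removed are listed first, with the error text.
$results | Sort-Object Removed, DisplayName | Format-Table -AutoSize -Wrap
```

Run it once without `-Remove` to review the list and the directory name, then again with `-Remove` to perform the cleanup.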