"Cannot delete" error when you try to delete a B2C directory in Azure AD

Symptoms
In a Microsoft Azure Active Directory environment, you set up a B2C directory and then you try to delete it. However, you receive the following error message:

Cannot delete '<contoso>'
The following issue(s) prevent deletion of the directory:
Directory contains one or more applications that were added by a user or administrator

Cause
This problem occurs when existing B2C application service principals (for example, CPIM, Ibiza Portal, and SSPR) are blocking the deletion.
Resolution
To fix this issue, use the Azure portal or Azure AD PowerShell.

Step 1: Delete all apps that are listed on the Azure AD B2C Dashboard

To do this, follow these steps:
  1. Sign in as an administrator who has access to the Azure AD B2C directory at http://portal.azure.com.
  2. Click your display name in the upper-right corner, and then select the directory that's your B2C directory.

    Note If you have only one directory, your Azure AD B2C directory will already be selected.
  3. Click Browse, and then locate and select Azure AD B2C.
  4. Click All Settings, and then click Applications.
  5. Delete all applications.

Step 2: Delete all apps that are listed in the Azure Management portal

To do this, follow these steps:
  1. Sign in to the Azure Management portal at http://manage.windowsazure.com through a user account that has an Azure subscription and that is a global administrator of the Azure AD B2C directory.
  2. Go to the Active Directory extension, and select your Azure AD B2C directory.
  3. Go to Applications, and then delete all listed applications.
  4. In the Show drop-down list, select Applications my company owns.
  5. Delete all listed applications.
For information about how to remove applications from your directory, see Adding, updating, and removing an application.

Step 3: Remove the B2C-related service principals

To do this, run the following cmdlet by using Azure AD PowerShell:
Get-MsolServicePrincipal | Where {$_.DisplayName -eq "b2c-extensions-app"} | Remove-MsolServicePrincipalName

Step 4: Disable all other service principals that may block the removal of your B2C directory

To do this, run the following cmdlet by using Azure AD PowerShell:
Get-MsolServicePrincipal | Where {$_.DisplayName -notlike "Microsoft.Azure.*"} | Set-MsolServicePrincipal -AccountEnabled $False

Step 5: Delete all user accounts except for one

To do this, follow these steps:
  1. Sign in as a Global admin. 
  2. Go to the B2C directory, and then make sure that there are no other user accounts (other than the one you're signed in with). 
  3. On the Active Directory/Directory menu, select the directory that you want to delete, and then select Delete.
  4. Confirm that the check box is selected, and then click the check mark in the lower-right corner.

How do I delete my Azure AD B2C tenant?

To delete your Azure AD B2C tenant, follow these steps:
  1. First, navigate to the B2C features blade on the Azure portal.
  2. Navigate to the Applications, Identity providers and All policies blades and delete all the entries in each of them.
  3. Sign in to the Azure classic portal as the Subscription Administrator. (This is the same work or school account or the same Microsoft account that you used to sign up for Azure.)
  4. Navigate to the Active Directory extension on the left, and then click your B2C tenant.
  5. Click the Users tab.
  6. Select each user in turn (exclude the user you are currently signed in as; for example, the Subscription Administrator). Click Delete at the bottom of the page, and then click Yes when prompted.
  7. Click the Applications tab.
  8. Select Applications my company owns in the Show drop-down list, and then click the check mark.
  9. You'll see an application that's named b2c-extensions-app listed below. Click Delete at the bottom of the page, and then click Yes when prompted.
  10. Navigate to the Active Directory extension again and select your B2C tenant.
  11. Click Delete at the bottom of the page. Follow the instructions on the screen to complete the process.
Properties

Article ID: 3112170 - Last Review: 07/20/2016 03:10:00 - Revision: 2.0

Microsoft Azure Active Directory

  • kbtshoot kbexpertiseadvanced kbsurveynew KB3112170
Feedback