5even
Jul 08, 2024

can not delete domain because of user references

Hi everyone,

When I try to delete one of my domains in Entra/Azure, I receive the following message:

In order to delete 'contoso.com' all resources that refer to it must be removed or renamed. If you wish for the references to be automatically renamed, proceed below with the domain deletion.

 

I checked the user references, but there is not a single one which has 'contoso.com' as domain.

I also checked if the users are in groups which have 'contoso.com' as alias or mail. But no...

Where could the problem be?

Thank you in advance

  • Have you checked there is not an enterprise app using the domain? The option to show that will be right next to the users overview in the domain in Admin Console.
    • 5even
      When I click on one of the users which are blocking the deletion and hop over to the left navigation Manage > Applications, there are no entries. There are groups which were assigned to the domain, but I edited them with the new primary and deleted the old alias. Still it pops out as a showstopper on my doing.
  • SPatkar_Blogs

    Check if any users or groups are having this custom domain.
    Check if any deleted users are having this custom domain.
    Check the domain of the GA account which you are logged in with. Ensure that the Global Administrator account is using the initial default domain name (.onmicrosoft.com) such as email address removed for privacy reasons. Sign in with a different Global Administrator account that such as email address removed for privacy reasons or another custom domain name like “fabrikam.com” where the account is email address removed for privacy reasons.
    If domain deletion fails, ensure that you don’t have:

    Apps configured on the domain name with the appIdentifierURI
    Any mail-enabled group referencing the custom domain name
    More than 1000 references to the domain name
    The domain to be removed is set as the Primary domain of your organization
    Also note that the ForceDelete option won't work if the domain uses Federated authentication type. In that case the users/groups on the domain must be renamed or removed using the on-premises Active Directory before reattempting the domain removal. If you find that any of the conditions haven’t been met, manually clean up the references, and try to delete the domain again.

    https://learn.microsoft.com/en-us/powershell/module/azuread/remove-azureaddomain?view=azureadps-2.0
    Try this PowerShell command with -Force.
    • 5even
      My GA is using the initial default domain. The problem Azure shows me here is the several users. They already have the new primary domain assigned, but Azure is telling me they are still linked to the old domain. I checked every single user but I cannot find any relation to the domain which I want to delete. No apps, no groups, no wrong domain in the properties...
  • 5even
    So finally I could solve this problem with the help of you guys. I may have forgotten to mention that I have a hybrid infrastructure. So all the users which were blocking the deletion had an additional alias. Those were only showing up in Exchange Online Admin Center. I deleted the aliases on-prem and manually started a sync from Azure AD Connect. That was my solution. Thank you for the hints, guys!
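
The resolution above (leftover aliases on synced users that only showed up in the Exchange Online Admin Center) can be checked for with a script like the following. This is an added example, not part of any post in the thread: the function name `Find-DomainReference` and the sample objects are constructed for illustration, and the commented cmdlets assume the ActiveDirectory and ADSync modules are available.

```powershell
# Added example: list every attribute value that still references a domain.
function Find-DomainReference {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $InputObject,
        [Parameter(Mandatory)] [string] $Domain
    )
    process {
        $suffix = "@$Domain"
        foreach ($attr in 'userPrincipalName', 'mail', 'proxyAddresses') {
            foreach ($value in @($InputObject.$attr)) {
                if (-not $value) { continue }
                $text = [string]$value
                if (-not $text.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { continue }
                # In proxyAddresses, "SMTP:" marks the primary address and
                # "smtp:" a secondary alias, which user overviews tend to hide.
                $kind = 'n/a'
                if ($attr -eq 'proxyAddresses') {
                    $kind = if ($text -clike 'SMTP:*') { 'primary' } else { 'alias' }
                }
                [pscustomobject]@{
                    Name = $InputObject.Name; Attribute = $attr; Value = $text; Kind = $kind
                }
            }
        }
    }
}

# Constructed sample objects shaped like Get-ADObject output.
$sample = @(
    [pscustomobject]@{
        Name = 'Alice'; userPrincipalName = 'alice@fabrikam.com'; mail = 'alice@fabrikam.com'
        proxyAddresses = @('SMTP:alice@fabrikam.com', 'smtp:alice@contoso.com')
    }
    [pscustomobject]@{
        Name = 'Bob'; userPrincipalName = 'bob@fabrikam.com'; mail = 'bob@fabrikam.com'
        proxyAddresses = @('SMTP:bob@fabrikam.com')
    }
)
$sample | Find-DomainReference -Domain 'contoso.com' | Format-Table -AutoSize

# Against a real on-premises directory (ActiveDirectory module):
#   Get-ADObject -LDAPFilter '(proxyAddresses=*@contoso.com)' `
#       -Properties proxyAddresses, mail, userPrincipalName |
#       Find-DomainReference -Domain 'contoso.com'
# After removing the aliases on-prem, on the Azure AD Connect server:
#   Start-ADSyncSyncCycle -PolicyType Delta
```

With the sample data only Alice is reported, through a secondary `smtp:` alias, even though her UPN and primary address already use the new domain.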
