joe-miller
Copper Contributor
Mar 13, 2020

How to Remove-RdsAppGroupUser if the user was already deleted from Azure AD?

When I try to remove a user name from an RdsAppGroup and that user has already been deleted from Azure AD, I get:

Remove-RdsAppGroupUser : The specified UserPrincipalName does not exist in the Azure AD associated with the RD tenant.

I don't have control over who is able to delete Azure AD users, but I want to run a cron cleanup script to prune my RdsAppGroups of user names not in selected security groups.

If the user must exist in AAD to be deleted from an app group, then deleting a user in AAD should delete that user from the app group too; otherwise, how do we keep app groups clean?

  • AlexShnay
    Copper Contributor

    I ran into the same issue. Hope there is a way to remove a group user without re-creating the account in AD.

    Thanks.

  • This may not be helpful, but this is how we get around it.

    When an employee is terminated, we don't delete them from AD. Instead, we move them to a "Trash" OU and strip them of all their AD rights. That way they still exist in AD (and thus can be deleted by Remove-RdsAppGroupUser) but don't have the ability to actually do anything in AD.

    The better solution, of course, would be for WVD to start supporting AD Groups instead of requiring us to add users individually.
      • FortyMegabytes
        Brass Contributor
        Just so you know: I'm not a Microsoft guy, just a WVD user. I only commented about how we got around this limitation. The fact that WVD doesn't support AD groups is very limiting.
  • cvanaxel
    Brass Contributor

    joe-miller 

    I fixed this with a PowerShell script. The script looks in my on-premise AD and syncs with PowerShell to the app groups.
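The cleanup script the original question asks for, and the sync approach cvanaxel describes, as an added example (not code from this thread or from Microsoft): it prunes an app group down to members of selected Azure AD security groups and, instead of aborting on the "does not exist in the Azure AD" error, records the entries that can no longer be removed so they can be followed up. The tenant, host pool, app group and group object IDs are placeholders; it assumes the Microsoft.RDInfra.RDPowerShell and AzureAD modules are installed and an authenticated session to both.

```powershell
# Placeholder names; replace with your tenant, host pool, app group and allowed group IDs.
param(
    [string]$TenantName   = 'EXAMPLE-TENANT',
    [string]$HostPoolName = 'EXAMPLE-HOSTPOOL',
    [string]$AppGroupName = 'Desktop Application Group',
    [string[]]$AllowedGroupObjectIds = @('00000000-0000-0000-0000-000000000000')
)

Import-Module Microsoft.RDInfra.RDPowerShell
Import-Module AzureAD

# Collect the UPNs that are allowed to stay: members of the selected security groups.
$allowed = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
foreach ($gid in $AllowedGroupObjectIds) {
    Get-AzureADGroupMember -ObjectId $gid -All $true |
        Where-Object { $_.UserPrincipalName } |
        ForEach-Object { [void]$allowed.Add($_.UserPrincipalName) }
}

$orphaned = @()
Get-RdsAppGroupUser -TenantName $TenantName -HostPoolName $HostPoolName -AppGroupName $AppGroupName |
    Where-Object { -not $allowed.Contains($_.UserPrincipalName) } |
    ForEach-Object {
        $upn = $_.UserPrincipalName
        try {
            Remove-RdsAppGroupUser -TenantName $TenantName -HostPoolName $HostPoolName `
                -AppGroupName $AppGroupName -UserPrincipalName $upn -ErrorAction Stop
            Write-Output "Removed $upn from $AppGroupName"
        } catch {
            if ($_.Exception.Message -match 'does not exist in the Azure AD') {
                # Account already deleted from Azure AD: the cmdlet refuses, so log it
                # for follow-up rather than failing the whole scheduled run.
                $orphaned += $upn
            } else {
                throw
            }
        }
    }

if ($orphaned.Count -gt 0) {
    Write-Warning "App group entries for accounts no longer in Azure AD: $($orphaned -join ', ')"
}
```

Run it on a schedule with the -WhatIf-style dry run of your choice first, since it removes every app group entry that is not in one of the allowed groups.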
