how to Remove-RdsAppGroupUser if the user was already deleted from azure ad?

Copper Contributor

when i try to remove a user name from an RdsAppGroup and that user has already been deleted from azure ad, i get:

Remove-RdsAppGroupUser : The specified UserPrincipalName does not exist in the Azure AD associated with the RD tenant.

i don't have control of who is able to delete azure ad users, but i want to run a cron cleanup script to prune my RdsAppGroups of users names not in selected security groups.

if the user must exist in aad to be deleted from an appgroup, then deleting a user in aad should delete that user in an appgroup too, otherwise how do we keep appgroups clean?

5 Replies

I ran into the same issue.  Hope there is a way to remove group user without re-creating account in AD.

thanks.

This may not be helpful, but this is how we get around it.

When an employee is terminated, we don't delete them from AD. Instead, we move them to a "Trash" OU and strip them of all their AD rights. That way they still exist in AD (and thus can be deleted by Remove-RdsAppGroupUser) but don't have the ability to actually do anything in AD.

The better solution, of course, would be for WVD to start supporting AD Groups instead of requiring us to add users individually.

@FortyMegabytes 

 

Is there an update on this?  We are running into this same issue.

 

Respectfully.

Just so you know: I'm not a Microsoft guy, just a WVD user. I only commented about how we got around this limitation. The fact that WVD doesn't support AD groups is very limiting.

@joe-miller 

 

I fixed this with a powershell script. The script looks in my onpremise AD and sync with powershell to App groups.