Remove a privileged access group?

Please could someone advise how to remove a `Privileged Access Group` from PIM?

I deleted the security group from AAD, however, the group has not been removed from Privileged Access Groups.

13 Replies

@TS-noodlemctwoodle Hi, sounds like this could be what you're describing.

  • Azure AD P2 licensed customers only: Even after deleting the group, it is still shown an eligible member of the role in PIM UI. Functionally there's no problem; it's just a cache issue in the Azure portal.

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept#know... 

 

@ChristianBergstrom I initially thought it might be a caching issue, however, it's been 5 days now that the group remains in PIM and has been removed from AAD.

@TS-noodlemctwoodle Hey, from my understanding that is the issue (gonna stay there until they fix it).

"We are fixing these issues."

You could reach out to the Microsoft support, meaning creating a service request, to have an official response though.

@TS-noodlemctwoodle and @ChristianBergstrom, I have the same issue. Group is deleted in Azure AD, but it's still showing under "privileged access groups (Preview)" in the Groups and PIM section.

I even looked for the Object ID via PowerShell and the Azure AD Group IS DELETED.

Any ETA on when they will clear the cache?

@Deleted Hello, thanks for the info. I have no idea to be honest. But you should open up a ticket with the official support to get an estimation or at least a better explanation than the "we are fixing this".

Would you mind updating this conversation if you do that? Thanks!

@ChristianBergstrom, I submitted a ticket. We are facing both of the AD P2 issues outlined with Group-based role assignment in Azure AD.

@TS-noodlemctwoodle and @ChristianBergstrom, I realise that when an active group is renamed it does not update in PIM either. Seems the caching issue is more widespread than just deletion. 

I'd be interested to know if support were able to resolve the issue?

Were you able to solve this problem?
We run into the same problem (almost half a year later...)

We are running into the same issue as well and it's causing issues with our PIM Role assignments for the same roles.   

 

@rdamnl It takes 24 hours for the name change or group removal to take place. Also check if you use the latest version of PIM.

Yes, looks like it is still an ongoing issue. Have deleted the PAG group but it persists in PIM...

Any news on this? I am trying to work with such Groups and just renamed the groups... I noticed that in Catalogs of the Identity Management there is an option, a "Refresh from Origin" button, that seems to fix this... Hopefully we get something like that in PIM Groups.