Now and then servers, services and app connectors break down, and sometimes the easiest way to fix or work around the problem is a PowerShell command.
In this scenario I have an Azure tenant with a custom domain name applied, and a hybrid environment. I use a Windows Server 2016 machine with Azure AD Connect configured to sync my users, groups and other OU objects to my Azure AD.
The problem I create in this scenario is that I want to move my custom domain name to a new Azure tenant and verify it there. That should be easy enough, right? Just delete the custom domain name in the old Azure tenant, add the domain to the new tenant, and all is fine? Well yes, that is the way it normally goes. But if the local AD server or the sync service (AD Connect) is removed or broken and cannot be restored, and some synced AD users remain in the old Azure AD, the request to delete the custom domain name is blocked: those users are still associated with @domainName.com. The users therefore need to be exported and/or deleted first before the domain can be removed, and this is where PowerShell comes into the picture.
Just to be clear: users synced from the local Active Directory to Azure Active Directory cannot be deleted directly in the cloud (AAD). They must be deleted in the local AD, and after the next sync they will be gone from Azure AD as well. Cloud-only users are no problem to delete, even with a broken setup.
# Export every user and group in the tenant to CSV (-All lifts the default 500-object limit)
Get-MsolUser -All | Export-Csv C:\ADusers.csv
Get-MsolGroup -All | Export-Csv C:\ADGroups.csv
Note: You can also first export the users to a CSV file and then create a new cloud-only user with the Global Administrator role. That new admin user will not appear in the exported AD user list, so you can delete all the listed users from AAD without locking yourself out.
# Feed the exported lists back in and remove the objects; -Force skips the confirmation prompt
Import-Csv C:\ADusers.csv | Remove-MsolUser -Force
Import-Csv C:\ADGroups.csv | Remove-MsolGroup -Force
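The export-then-delete procedure above, written out as one script. This is an added example and not the original post's code. It assumes the MSOnline module is installed and that Connect-MsolService has already been run as the cloud-only Global Administrator; $KeepUpn is a placeholder for that admin account, which must survive the cleanup. The script reports first and only deletes when run with -Delete, and it separates synced users (which, as stated above, cannot be removed from the cloud side) from cloud-only users so the failures are expected rather than surprising.

```powershell
# Added example (not from the original post): export Azure AD users and groups to CSV,
# then remove them in an explicit second step. Assumes the MSOnline module is installed
# and Connect-MsolService has already been run; $KeepUpn is a placeholder for the
# cloud-only Global Administrator you are signed in as.
param(
    [string]$ExportPath = 'C:\AADCleanup',
    [string]$KeepUpn    = 'admin@contoso.onmicrosoft.com',   # placeholder, replace it
    [switch]$Delete                                          # without it, only report
)

Import-Module MSOnline -ErrorAction Stop
$null = New-Item -ItemType Directory -Path $ExportPath -Force

$userCsv  = Join-Path $ExportPath 'ADusers.csv'
$groupCsv = Join-Path $ExportPath 'ADGroups.csv'

# Step 1: export. Keep the columns the delete step needs (ObjectId, UserPrincipalName)
# plus enough context to audit later. LastDirSyncTime tells synced and cloud-only users apart.
Get-MsolUser -All |
    Select-Object UserPrincipalName, ObjectId, DisplayName, LastDirSyncTime, IsLicensed |
    Export-Csv -Path $userCsv -NoTypeInformation

Get-MsolGroup -All |
    Select-Object DisplayName, ObjectId, GroupType, LastDirSyncTime |
    Export-Csv -Path $groupCsv -NoTypeInformation

# Step 2: build the deletion list from the CSV rather than a fresh live query, so what
# gets deleted is exactly what was reviewed, and never the admin account you are using.
$candidates = Import-Csv $userCsv | Where-Object { $_.UserPrincipalName -ne $KeepUpn }
$groups     = Import-Csv $groupCsv

# Synced users carry a LastDirSyncTime; the cloud side refuses to delete them.
$synced = @($candidates | Where-Object { $_.LastDirSyncTime })
$cloud  = @($candidates | Where-Object { -not $_.LastDirSyncTime })

Write-Host ("{0} cloud-only users, {1} synced users, {2} groups" -f $cloud.Count, $synced.Count, $groups.Count)
foreach ($s in $synced) {
    Write-Warning "Synced user, must be removed in local AD: $($s.UserPrincipalName)"
}

if (-not $Delete) {
    Write-Host 'Dry run only. Re-run with -Delete to remove the cloud-only users and groups listed.'
    return
}

foreach ($u in $cloud) {
    Remove-MsolUser -ObjectId $u.ObjectId -Force
    Write-Host "Removed user  $($u.UserPrincipalName)"
}

foreach ($g in $groups) {
    Remove-MsolGroup -ObjectId $g.ObjectId -Force
    Write-Host "Removed group $($g.DisplayName)"
}
```

Run it once without -Delete, read the counts and the warnings, check that the CSV files look right, and only then run it again with -Delete. Deleting by ObjectId from the reviewed CSV (instead of piping whole rows) keeps the removal limited to the objects that were actually in the export.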