Windows Intune: unable to remove verified domain

May 13, 2014 at 7:56 am in Uncategorized by nsienaert

 

Hi all,

This is probably an issue that some of you will bump into if you have a Windows Intune trial running. That’s why I decided to quickly write it down.

As you probably know, you can link your public domain name to Windows Intune, mainly to improve the single sign-on experience of your users.

Imagine that you have a verified domain linked to your trial tenant and, for some reason, you will not extend the trial or you want to link your domain to another tenant. In that case you need to remove your domain from the Intune tenant, as you cannot link your public domain name to different tenants.

The first thing you need to do is delete all your Users and Security Groups that you have synced into Microsoft Azure Active Directory (so the new acronym will be MAAD :-)) with DirSync, so you have no associations anymore between your domain and MAAD.

If you try to remove your domain, you might receive the following error:

[Screenshot of the error message]

So for some reason there is apparently still an association which you need to “disconnect” before you can remove the domain.

As always these days, PowerShell can help us take a closer look under the hood.

The first step is to download and install the O365 PowerShell cmdlets.

Secondly, execute the following PowerShell commands:

Connect-MsolService (provide your credentials)
Get-MsolGroup (interestingly, this command shows mail-enabled security groups which apparently are not visible in the Intune interface)
Remove-MsolGroup -ObjectId <ObjectID> (the object ID is shown by Get-MsolGroup; this command will remove the mail-enabled security groups)

If everything goes well, you should now be able to remove your domain from the Windows Intune tenant.

In case you still have issues, you can execute the following command:

Get-MsolUser -ReturnDeletedUsers -All | foreach { Remove-MsolUser -ObjectId $_.ObjectId -RemoveFromRecycleBin -Force }

If you delete users and security groups, you will notice that they are still listed under “Deleted” items. So they are actually dropped into a kind of recycle bin. If you still encounter issues, it might help to execute a “shift-delete”: the command above lists the deleted users with the -ReturnDeletedUsers switch and permanently removes them with -RemoveFromRecycleBin.


I never had to use this last command but it might be your plan B.
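The one-liner above purges every soft-deleted user in the tenant, and Remove-MsolGroup is irreversible, so it helps to see exactly which objects still reference the domain before deleting anything. The script below is an added example, not part of the original post: it uses the same MSOnline cmdlets, reports by default, and only deletes when run with -Apply. The domain `contoso.example`, the CSV file names and the `-Apply` switch are assumptions made for illustration.

```powershell
# Added example (not from the original post). Save as a .ps1 file and run it
# once without -Apply to review, then again with -Apply to delete.
param(
    [string]$Domain = 'contoso.example',  # placeholder: the domain you want to release
    [switch]$Apply                        # without -Apply nothing is deleted
)

Import-Module MSOnline
Connect-MsolService                       # prompts for tenant admin credentials

$pattern = "*@$Domain"

# True when an object's proxy addresses include an address in the domain.
function Test-InDomain($Object) {
    [bool](@($Object.ProxyAddresses) -like $pattern)
}

# Groups addressed in the domain, including the mail-enabled security groups
# that the Intune console does not show.
$groups = Get-MsolGroup -All | Where-Object {
    ($_.EmailAddress -like $pattern) -or (Test-InDomain $_)
}

# Active users are only reported; the post removes them before this step.
$active = Get-MsolUser -All | Where-Object {
    ($_.UserPrincipalName -like $pattern) -or (Test-InDomain $_)
}

# Soft-deleted users (the "recycle bin") that still reference the domain.
$deleted = Get-MsolUser -All -ReturnDeletedUsers | Where-Object {
    ($_.UserPrincipalName -like $pattern) -or (Test-InDomain $_)
}

# Keep a record of what was found before anything is removed.
$groups  | Select-Object ObjectId, DisplayName, GroupType, EmailAddress |
    Export-Csv -Path .\groups-$Domain.csv -NoTypeInformation
$deleted | Select-Object ObjectId, DisplayName, UserPrincipalName |
    Export-Csv -Path .\deleted-users-$Domain.csv -NoTypeInformation

"{0} group(s), {1} active user(s), {2} deleted user(s) reference {3}" -f `
    @($groups).Count, @($active).Count, @($deleted).Count, $Domain

if ($Apply) {
    # Scoped to the domain instead of purging the whole recycle bin.
    $groups  | ForEach-Object { Remove-MsolGroup -ObjectId $_.ObjectId -Force }
    $deleted | ForEach-Object {
        Remove-MsolUser -ObjectId $_.ObjectId -RemoveFromRecycleBin -Force
    }
}
```

If active users are still reported, they have to be removed or moved to another domain first, as described at the start of the post.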

Till next time!

Nico Sienaert

 
