
Module Unregister-Cloudaware

This article instructs you on how to delete the AD application created in Azure. The module Unregister-Cloudaware is to be executed in Azure Cloud Shell as well.

Prepare the environment where the module will be executed

  1. Log in to Azure portal.

  2. Click the Cloud Shell button in the menu bar. Select PowerShell.

  3. Log in to Azure using the command below (the user should have the role 'Global Administrator' assigned on the Azure AD level):

    POWERSHELL
    az login

  4. Upload the file Unregister-Cloudaware.ps1:

    POWERSHELL
    mkdir cloudaware
    cd cloudaware
    curl -LJO https://raw.githubusercontent.com/cloudaware/public-utilities/master/PowerShell%20modules/Unregister-Cloudaware.ps1

  5. Import the module Unregister-Cloudaware from the file Unregister-Cloudaware.ps1 for a current session:

    POWERSHELL
    Import-Module -Name .\Unregister-Cloudaware.ps1 -Force

Once these steps are performed, the module Unregister-Cloudaware is available in the current Azure Cloud Shell session. Using the module, you are able to delete the AD application created before.
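
The script in step 4 is fetched from a branch URL and then imported in a session signed in as Global Administrator, so it is worth inspecting between steps 4 and 5. The following is an added example, not part of the original article or of Cloudaware's code; the hash value is a placeholder you fill in after reviewing the file, and the list of commands to read first is an assumption.

```powershell
# Added example (not Cloudaware's code). Run inside ~/cloudaware after the download in step 4.
$scriptPath = (Resolve-Path .\Unregister-Cloudaware.ps1).Path

# Placeholder (assumption): SHA-256 of the copy you reviewed. The article publishes no hash.
$reviewedSha256 = '<SHA256_OF_REVIEWED_COPY>'

# 1. Parse without executing. A truncated download or an HTML error page fails here.
$tokens = $null
$parseErrors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile(
    $scriptPath, [ref]$tokens, [ref]$parseErrors)
if ($parseErrors.Count -gt 0) {
    throw "Not a valid PowerShell script: $($parseErrors[0].Message)"
}

# 2. Inventory every command the script can invoke, straight from the syntax tree.
$commands = $ast.FindAll(
        { param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true) |
    ForEach-Object { $_.GetCommandName() } |
    Where-Object { $_ } |
    Sort-Object -Unique
Write-Host 'Commands used by the script:'
$commands | ForEach-Object { Write-Host "  $_" }

# Commands that fetch or execute further code deserve a manual look before import.
$reviewFirst = 'Invoke-Expression', 'iex', 'Invoke-WebRequest', 'Invoke-RestMethod',
               'curl', 'wget', 'Start-Process'
$flagged = @($commands | Where-Object { $_ -in $reviewFirst })
if ($flagged.Count -gt 0) {
    Write-Warning "Read these call sites first: $($flagged -join ', ')"
}

# 3. Import only the exact bytes that were reviewed.
$actualSha256 = (Get-FileHash -Path $scriptPath -Algorithm SHA256).Hash
if ($actualSha256 -eq $reviewedSha256) {
    Import-Module -Name $scriptPath -Force
} else {
    Write-Warning "Not imported. SHA-256 $actualSha256 does not match the reviewed copy."
}
```

On the first run the placeholder never matches, so the script is only parsed and inventoried; record the printed hash once the review is complete.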

Description of the module parameters

| Parameters | Function | Example |
|---|---|---|
| -name <NAME> | Name of the AD application to be deleted. | -name cloudaware-api-access |
| -withoutSubs | Deletes the AD application without unassigning any roles and/or the policy assigned to it. | -withoutSubs |
| -dryRun | Saves the list of parameters and their values that will be used when deleting the AD application during the module Unregister-Cloudaware run. The saved file will be available in the path ~\cloudaware\dryRunToDeleteApp_<USER_PRINCIPAL_NAME>_<APPLICATION_NAME>.json | -dryRun |

Examples of the module execution

To output the information about the module Unregister-Cloudaware:

POWERSHELL
Get-Help Unregister-Cloudaware -Full 

To output the examples of the module Unregister-Cloudaware execution:

POWERSHELL
Get-Help Unregister-Cloudaware -Examples

To output the list of parameters and their description:

POWERSHELL
Get-Help Unregister-Cloudaware -Parameter *

Examples of the module Unregister-Cloudaware execution:

1. Launching the module in the command line using the AD application name and the switch -verbose. Use the switch -dryRun to save the parameters and their values that will be used to delete the AD application during the module run:

POWERSHELL
Unregister-Cloudaware -name cloudaware-api-access -dryRun -verbose

2. Launching the module in the command line using the AD application name and the switch -verbose. Use the switch -withoutSubs to delete the AD application without unassigning any roles and/or the policy assigned to it:

POWERSHELL
Unregister-Cloudaware -name cloudaware-api-access -withoutSubs -verbose
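
Because -withoutSubs leaves the application's role assignments in place, it helps to review the dry-run file and record those assignments before the real deletion. The following is an added example, not part of the original article: it assumes the session from step 3 (az login), PowerShell 7 as provided by Cloud Shell, and a hypothetical output file name roleAssignments_<APPLICATION_NAME>.json.

```powershell
# Added example (not Cloudaware's code). Application name as used throughout this article.
$appName = 'cloudaware-api-access'
$workDir = Join-Path $HOME 'cloudaware'

# 1. Dry run, then read back the file the module writes (name pattern from the -dryRun description).
Unregister-Cloudaware -name $appName -dryRun -verbose
$dryRunFile = Get-ChildItem -Path $workDir -Filter "dryRunToDeleteApp_*_$appName.json" |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $dryRunFile) { throw "No dry-run file found for '$appName' in $workDir." }
Get-Content -Raw -Path $dryRunFile.FullName | ConvertFrom-Json | ConvertTo-Json -Depth 10

# 2. Snapshot the role assignments held by the application's service principal(s).
#    Covers subscription scopes visible to the signed-in user only.
$servicePrincipals = az ad sp list --display-name $appName --output json | ConvertFrom-Json
$subscriptionIds = az account list --query "[].id" --output tsv

$snapshot = foreach ($sp in $servicePrincipals) {
    # The object ID property is 'id' or 'objectId' depending on the az CLI version.
    $spObjectId = $sp.id ?? $sp.objectId
    foreach ($subId in $subscriptionIds) {
        az role assignment list --all --assignee $spObjectId --subscription $subId --output json |
            ConvertFrom-Json |
            Select-Object @{ n = 'subscription'; e = { $subId } },
                          @{ n = 'principalObjectId'; e = { $spObjectId } },
                          roleDefinitionName, scope, id
    }
}

# 3. Show the snapshot and keep it next to the dry-run file.
$snapshot | Format-Table subscription, roleDefinitionName, scope -AutoSize
$snapshotFile = Join-Path $workDir "roleAssignments_$appName.json"
ConvertTo-Json -InputObject @($snapshot) -Depth 5 | Set-Content -Path $snapshotFile
Write-Host "Saved $(@($snapshot).Count) role assignment(s) to $snapshotFile"
```

After a run with -withoutSubs, every entry in the snapshot still exists in Azure but points at a deleted principal; the saved id values identify exactly which assignments remain to be cleaned up.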

Troubleshooting

1. The error message below means that the user who logged in to Azure using az cli doesn't have the role 'Global Administrator' assigned on the AD level:

CODE
[2020-01-01 00:00:00] The user does not have the role 'Global administrator' assigned.


Steps to check and fix:

  1. Sign in to your Azure portal.

  2. On the left navigation panel, select All services.

  3. On the All services page, enter Users in the search bar and select it.

  4. In the search users bar enter the name of the current user and select it.

  5. On the page, select Assigned roles.

Learn more about Azure AD roles.

2. The error message below means that the AD application you are attempting to delete doesn't exist in Azure Active Directory:

CODE
[2020-01-01 00:00:00] The AD application 'cloudaware-api-access' does not exist.


Steps to check and fix:

  1. Sign in to your Azure portal.

  2. On the left navigation panel, select All services.

  3. On the All services page, enter App registrations in the search bar and select it.

  4. Select All Applications, and in the search bar enter the name of the app you used.

Learn more about Application management.

3. The error message below means that the user doesn't have access to any Subscription ID(s) to unassign the roles and/or policy that are assigned to the AD application:

CODE
[2020-01-01 00:00:00] The user does not have any Subscription ID(s) to unassign roles and/or the policy that are assigned to the AD application 'cloudaware-api-access'.


Steps to check and fix:

  1. Sign in to your Azure portal.

  2. On the left navigation panel, select All services.

  3. On the All services page, enter Users in the search bar and select it.

  4. In the search users bar enter the name of the current user and select it.

  5. On the page, select Azure role assignments.

To delete the AD application without unassigning the roles and/or the policy assigned to it, use the switch -withoutSubs.

Learn more about Azure RBAC.

4. The error message below means that no Service Principal Name(s) were found for the AD application you are attempting to delete or an issue occurred when extracting the Service Principal Name(s):

CODE
[2020-01-01 00:00:00] An error occurred while extracting Service Principal Name(s).


Steps to check and fix:

  1. Sign in to your Azure portal.

  2. On the left navigation panel, select All services.

  3. On the All services page, enter Enterprise applications in the search bar and select it.

  4. In the Application type list, select All Applications and then click the Apply button.

  5. In the search bar enter the name of the app you want to delete.

A temporary Internet connection issue may have occurred (if the module is run locally on your workstation); re-launch the module.

Learn more about Service Principal object.

5. The error message below means that the user doesn't have the role 'Owner' to be able to unassign the role 'Reader' and/or the policy that are assigned to all or several of Subscription ID(s):

CODE
[2020-01-01 00:00:00] The Subscription ID(s) where the user doesn't have the role 'Owner' (RBAC) assigned to be able to delete roles/policy: ['00000000-0000-0000-0000-000000000000']


Steps to check and fix:

  1. Sign in to your Azure portal.

  2. On the left navigation panel, select All services.

  3. On the All services page, enter Users in the search bar and select it.

  4. In the search bar enter the name of the current user and select it.

  5. On the page, select Azure role assignments.

Contact your Azure Global administrator to get the role 'Owner' assigned. Once the role is assigned, re-run the module.

To delete the AD application without unassigning the roles and/or the policy assigned to it, use the switch -withoutSubs.

Learn more about Azure RBAC.

6. The error message below means that the user doesn't have the role 'Owner' to be able to assign the role 'Reader' to all or several of Reservation Order ID(s):

CODE
[2020-01-01 00:00:00] The Reservation Orders ID(s) where the user doesn't have the role 'Owner' (RBAC) assigned to be able to delete roles: ['00000000-0000-0000-0000-000000000000']


Steps to check and fix:

  1. Sign in to your Azure portal.

  2. On the left navigation panel, select All services.

  3. On the All services page, enter Reservations in the search bar and select it.

  4. Select the Reservation you need and then select Reservation Order ID.

  5. In the left-hand menu, choose Access control (IAM) and click the Role assignments button.

  6. In the search users/apps bar enter the name of the current user.

Contact your Azure Global administrator to get the role 'Owner' assigned. Once the role is assigned, re-run the module.

To delete the AD application without unassigning the roles and/or the policy assigned to it, use the switch -withoutSubs.

Learn more about Azure RBAC.
