Azure Active Directory has a hidden recycle bin that keeps deleted objects (User, Application, Group and so on) after a user deletes them from the website. Microsoft calls this a soft-delete. The issue arises because of the quota of associated objects per user noted here – https://docs.microsoft.com/en-us/azure/active-directory/active-directory-service-limits-restrictions. The limit itself makes sense, but developers who test products that integrate with Azure Active Directory and have to create a bunch of objects could hit this wall at any time.
Once the limit is reached, a Directory_QuotaExceeded error is thrown. Details of the error can be found here https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-graph-api-error-codes-and-error-handling. Most users who see this error delete unused objects to regain the ability to create new ones. That is not enough, though, because as mentioned it is just a soft-delete (much like being disabled). Thanks to the Microsoft Support Team for giving me this insight.
The support team also gave me another hidden operation that could not be found in any forum at the time.
Make a GET request to the Graph API with the following URL to get the list of objects in the recycle bin (you can try it via Graph Explorer – https://graphexplorer.azurewebsites.net/).
e.g. https://graph.windows.net/myOrganization.onmicrosoft.com/deletedDirectoryObjects/$/Microsoft.DirectoryServices.Group/ should show all soft-deleted group objects.
You should get a list of object IDs from the above request.
Then delete each object from the recycle bin using the following URL with the DELETE method.
That’s it… but what if you have a bunch of objects in the recycle bin? Doing this manually, one object at a time, would be a waste of time, so I made a PowerShell script to manage this.
Feel free to download my script from the link below. It is really simple: just replace the values of $tenant and $resource as you wish.
$tenant = "your_tenant.onmicrosoft.com"
$resource = "Application" # this could be Application, Group, User or else…
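
Because removing an object from the recycle bin cannot be undone, it helps to inventory what is there before purging. The following is an added example, not the author's downloadable script: it pages through the GET request described above and returns one row per soft-deleted object for review. The function name, the `-AccessToken` parameter (a bearer token for https://graph.windows.net obtained elsewhere) and the default `api-version` value are assumptions.

```powershell
# Added example (not the author's script): list soft-deleted objects for review.
# -Tenant and -Resource correspond to $tenant and $resource on the page.
function Get-SoftDeletedObject {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Tenant,       # e.g. your_tenant.onmicrosoft.com
        [Parameter(Mandatory)] [string] $Resource,     # Application, Group, User, ...
        [Parameter(Mandatory)] [string] $AccessToken,  # assumption: token acquired elsewhere
        [string] $ApiVersion = '1.6'                    # assumption: adjust for your tenant
    )

    $base    = "https://graph.windows.net/$Tenant"
    $headers = @{ Authorization = "Bearer $AccessToken" }

    # Same URL shape as the GET request shown on the page, plus api-version.
    $url = "$base/deletedDirectoryObjects/`$/Microsoft.DirectoryServices.$Resource/?api-version=$ApiVersion"

    while ($url) {
        $page = Invoke-RestMethod -Method Get -Uri $url -Headers $headers

        foreach ($obj in $page.value) {
            # Emit only the fields needed to decide what may be purged.
            [pscustomobject]@{
                ObjectId    = $obj.objectId
                ObjectType  = $obj.objectType
                DisplayName = $obj.displayName   # empty for types without a display name
            }
        }

        # Large result sets are paged: follow the relative 'odata.nextLink'
        # until the service stops returning one.
        $next = $page.'odata.nextLink'
        $url  = if ($next) { "$base/$next&api-version=$ApiVersion" } else { $null }
    }
}

# Usage ($token is a placeholder for a token you have already obtained):
# Get-SoftDeletedObject -Tenant $tenant -Resource $resource -AccessToken $token |
#     Export-Csv -Path .\soft-deleted-$resource.csv -NoTypeInformation
```

Saving the output to a file before issuing any DELETE requests leaves a record of exactly which object IDs were permanently removed.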