Select Language:
If you’re trying to clean up or make changes to your Azure network but run into issues with certain resource groups, you’re not alone. Many users face this problem when working with Azure’s managed services, especially with Microsoft Entra Domain Services.
Here’s what you need to know and how to approach the situation:
Azure automatically creates special resource groups called Managed Resource Groups (MRGs) when you set up services like Microsoft Entra Domain Services. These groups, often with lengthy, hidden names starting with “Cust-f-w-c…,” are not your typical resource groups. They are created and maintained by Azure behind the scenes to support the backend infrastructure of the service.
You might notice a resource group with a name similar to “Cust-f-w-c-p-o-0-o-r-g-ce830329-02d5-462e-940a-72425f1163e2.” This is a Managed Resource Group. These groups contain important components like domain controller VMs and network interfaces (NICs) that Azure manages directly. Because of their critical nature, these resource groups are usually hidden from your regular resource list and cannot be deleted or modified easily.
The main problem occurs when you want to delete or change the subnet where these services are running. Since Azure Entra Domain Services manages its own domain controller VMs and NICs within this subnet, any attempt to delete or change the subnet is blocked. Azure locks these components as long as the managed service is active, to prevent accidental disruption.
So, how do you handle this?
The best approach is to understand that these managed resource groups and their components are essential for the service to run smoothly. If you need to modify your network or delete the resource group, you’ll need to first disable or delete the Microsoft Entra Domain Services instance. Be aware that this will turn off the service and could impact your environment.
Once the service is shut down, Azure typically releases these resources, and you’ll be able to make the necessary changes or delete the resource groups. Always make sure to back up any important data or configurations before deleting anything, and carefully plan the steps to avoid downtime or data loss.
In summary, these hidden, managed resource groups are protected because they contain essential infrastructure. To manage or clean up these resources, deactivate the associated services first, then proceed with your network changes. This approach will save you headaches and help maintain a healthy Azure environment.
ChatGPT
Perplexity
Gemini AI
Grok AI
