Delete PostgreSQL Flexible server with AD Admins enabled

Hello everyone,

I have a question regarding deletion sequence with an Azure PostgreSQL Flexible server with the AD auth mechanism and AD admins enabled.

Once the ‘active_directory_auth_enabled’ feature in the ‘azurerm_postgresql_flexible_server’ is enabled and AD admins setup with ‘azurerm_postgresql_flexible_server_active_directory_administrator’ block it is not possible to delete them afterwards, it should always remains at least one admin (user, managed identity or Service principal).

This is an issue when I want to delete the database because the dependencies are failing to be all well deleted before it, thus stopping the deletion process.

I also tried to disable the AD auth and enable the local account but then, the plan failed to retrieve the ‘azurerm_postgresql_flexible_server_active_directory_administrator’ blocks with the following error:

Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="" Message="Azure AD authentication is not enabled for the given server <server_name> in resource group <resource_group_name> in subscription <sub_ID>"

The only quick fix I’ve found is to remove the whole database + admins module from the state and delete them manually through the Azure portal…

Does anyone has faced this situation ?

Any advises would be appreciate!

Thanks all!

1 Like


yes I am having identical issue right now.
once ad administrator is set up on db I cannot delete that object and thus cannot delete the db.

I have raised an issue on the aruzerm provider repo: postgres flexible server does not destroy when AD Authentication is selected present · Issue #24736 · hashicorp/terraform-provider-azurerm (

1 Like