When you delete a user account in Azure (Microsoft 365), the user is not deleted immediately. Disabled user accounts are stored in AAD for 30 days. In this article, we will see how to restore a deleted user in Azure AD (AAD) using Azure Portal or PowerShell.
In Azure AD, there are two ways to delete objects (users):
- soft delete – A user is removed from Active Tenant Users and the user account is suspended (moved to the AAD Recycle Bin). At the same time, all user attributes (including M365 group membership, access permissions assigned to Exchange Online mailboxes and folders, calendar permissions, team chat, and so on) remain unchanged. Azure Services will automatically delete such account after 30 days;
- hard delete (Permanent) – An object is deleted from the Azure Recycle Bin and cannot be restored using built-in tools (you can force-delete an object from Azure AD without waiting 30 days).
To delete or restore users, a global administrator Or user admin The role must be assigned to your account.
The easiest way to restore a deleted user in AAD is to use the Azure portal:
- You can find a list of deleted users available for restore in the Azure AD admin center (https://aad.portal.azure.com/,
- go for users and choose deleted users, Contains a list of deleted users that includes the date the user was deleted (date of removal) and the date the user will be permanently removed from AAD (permanent deletion date,
- Find the user you want to restore (you can search for the user by user principal name or add other user attributes as filters), select it and click restore user,
Note that when you delete a user, the userPrincipalName attribute of the user changes. if before
[email protected]For example, after deleting a user, the object ID in AAD is appended to the beginning:
- Confirm restore operation. You will see the message: User Restored Successfully,
- When you restore a deleted user, the Azure/Microsoft 365 Groups membership and the set of assigned AAD licenses are also fully restored.
Also, you can restore the user in AAD/Microsoft 365 using PowerShell. To do this, you need to use the MSOnline and AzureAD Powershell modules or the Microsoft Graph API.
You can display a list of all deleted users (with a full list of attributes) using this command:
Get-MsolUser -ReturnDeletedUsers | fl *
You can display only specific user properties (name, id, user creation or deletion date):
Get-MsolUser -ReturnDeletedUsers | select DisplayName, ObjectId,SoftDeletionTimestamp, WhenCreated
You can restore a user by their ObjectID:
Restore-AzureADMSDeletedDirectoryObject -Id 98813128-ffb1-4c55-b11f-6c58d7d66
You can also restore user by UPN using Restore-MsolUser Cmdlet:
Restore-MsolUser -UserPrincipalName "[email protected]"
- In the previous command, you can use an optional parameter
–AutoReconcileProxyConflictswhich allows you to specify a new proxy address to a user if the old one is busy
- Or you can set a new UPN immediately using the option
-NewUserPrincipalName "[email protected]"
Remove-MsolUser –userprincipalname [email protected] -RemoveFromRecycleBin
You can also use the Azure AD audit log to find user deletion events. For example, the following script will receive a user deletion event (you will see who deleted the user and when), return the UPN and ObjectID of the deleted user:
Import-Module AzureADPreview -UseWindowsPowerShell
Use this command to load the modules of the classic Windows PowerShell version into PowerShell Core.
Get-AzureADAuditDirectoryLogs -Filter "category eq 'UserManagement' and OperationType eq 'Delete'" |where-object TargetResources -like ("*AlexTest*")|select-object -ExpandProperty TargetResources
You can restore a user by their object id using
Leave a Comment