
Restore Exchange Online USER mailbox | Directory synchronization environment | The “right way” | Part 17#23

In the current article, we review how to successfully restore an Exchange Online mailbox in a Directory synchronization based environment by following the best-practice procedure.

In an Office 365 environment that uses Directory synchronization (the user account is synchronized from the On-Premise Active Directory to the Office 365 Directory), the restore process of an Exchange Online mailbox does not begin by restoring the Soft Deleted Exchange Online mailbox or the Soft Deleted Office 365 user. Instead, it begins by restoring the Soft Deleted On-Premise Active Directory user account that was synchronized to the cloud (Azure Active Directory).

Restoring the Soft Deleted On-Premise Active Directory user account triggers the restore of the Soft Deleted Office 365 user account that was “bound” to it.

Restoring the Soft Deleted Office 365 user account automatically restores the Exchange Online license that was “bound” to that account, which is considered the owner of the Soft Deleted Exchange Online mailbox.

Restoring the Exchange Online license triggers the restore of the Soft Deleted Exchange Online mailbox.

recommended restore mailbox Directory synchronization -01

Scenario description

Organization infrastructure

  • An organization named com uses the Office 365 mail service, meaning the Exchange Online infrastructure.
  • The organization uses a Directory synchronization environment (Azure AD Connect), which synchronizes information from the local On-Premise Active Directory to the Office 365 Directory (Azure Active Directory).

The deletion event

  • The On-Premise Active Directory user account named Grace was deleted, and the information about the “user account deletion” event was synchronized to the cloud (Azure Active Directory).
  • Thus, the Office 365 user account that is “bound” to the Grace On-Premise Active Directory user account was also deleted, and the Exchange Online license “bound” to the deleted Office 365 user account was removed.
  • Thus, the Exchange Online mailbox associated with the Grace Office 365 user account was also deleted.

The mission

Management asked us to restore Grace’s Exchange Online mailbox and enable Grace to access it again.

The “object deletion flow” in Office 365 and Directory synchronization environment

Before we describe how to restore an Exchange Online mailbox in a Directory synchronization environment, it is important to understand the “flow of events” that leads to the deletion of the Exchange Online mailbox.

In a Directory synchronization environment, the “source of authority” for objects such as user accounts is the On-Premise Active Directory.

Each On-Premise Active Directory user account is synchronized to the Office 365 Directory (Azure Active Directory), and a “matching” Office 365 user account is created and “bound” to it.

Note: This description holds except in a scenario in which the organization has implemented a Directory synchronization filter that excludes a specific Active Directory OU or specific user accounts from synchronization.

When we assign an Exchange Online license to a particular Office 365 user account, an Exchange Online mailbox is created for this Office 365 user, and the Office 365 user account is considered the owner of the Exchange Online mailbox.

If the Office 365 user account is deleted, or if we remove the Exchange Online license, the Exchange Online mailbox is deleted. To be more accurate, the Exchange Online mailbox is Soft Deleted.

In our scenario, the On-Premise Active Directory user account (Grace), which is associated with an Office 365 user account that had an Exchange Online license, was deleted.

When the Grace On-Premise Active Directory user account is deleted, the following chain of events is “activated”:

  • Event 1#7 – The Grace On-Premise Active Directory user account is deleted.
  • Event 2#7 – When the Active Directory user account is deleted, its status is updated to “Soft Deleted,” and the user account is “sent” to the Active Directory recycle bin, where it is kept for a period of 180 days.
  • Event 3#7 – The Directory synchronization server (Azure AD Connect) connects to the On-Premise Active Directory (by default, the time interval is three hours) and gets the updated information about the event in which the Grace user account was deleted.
  • Event 4#7 – The Directory synchronization server (Azure AD Connect) connects to Windows Azure Active Directory and synchronizes the information about the event in which the On-Premise Active Directory user account “bound” to the Grace Office 365 user account was deleted.
Deletion of Active Directory user - Directory synchronization - chain of events -01
  • Event 5#7 – Windows Azure Active Directory gets the update and deletes the Office 365 user account. The deleted Office 365 user account is “sent” to the Windows Azure Active Directory recycle bin.
    The Office 365 user account is considered “Soft Deleted,” and it is kept in the Azure Active Directory recycle bin for 30 days. At the end of the 30-day period, the user account is deleted permanently (Hard Deleted).
    Also, the Exchange Online license that was assigned to the deleted Office 365 user is removed.
  • Event 6#7 – Windows Azure Active Directory “informs” (synchronizes the information to) the Exchange Online infrastructure that the Exchange Online license assigned to the Soft Deleted Office 365 user account was removed.
  • Event 7#7 – Thus, Exchange Online deletes the user mailbox associated with the Office 365 user account. The deleted Exchange Online user mailbox is sent to the Exchange Online recycle bin and stays there for 30 days. At the end of the 30-day period, the user mailbox is deleted permanently (Hard Deleted).
Deletion of Active Directory user - Directory synchronization - chain of events -02
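The chain above walks through three separate recycle bins. The following function, an added example and not a script from the article, queries all three for one user and reports in which store the object currently sits, so you can confirm each hop (Event 2#7, 5#7 and 7#7) rather than infer it. It assumes the RSAT ActiveDirectory module, a connected MSOnline session (Connect-MsolService) and a remote Exchange Online PowerShell session; the UPN value is a placeholder you must supply.

```powershell
# Added example, not the article's own script. Reports where a user currently
# sits in each of the three stores the deletion chain walks through:
# the On-Premise AD recycle bin (Event 2#7), the Azure AD recycle bin
# (Event 5#7) and the Exchange Online recycle bin (Event 7#7).
# Assumptions: RSAT ActiveDirectory module; Connect-MsolService already run;
# a remote Exchange Online PowerShell session already open.
function Get-UserDeletionState {
    param(
        [Parameter(Mandatory)][string] $DisplayName,        # e.g. 'Grace Jones'
        [Parameter(Mandatory)][string] $UserPrincipalName   # placeholder, e.g. 'grace@<tenant-domain>'
    )

    # Hop 1: On-Premise AD. Without -IncludeDeletedObjects a Soft Deleted
    # object is invisible, so query both ways and compare the results.
    $adLive    = Get-ADObject -Filter { ObjectClass -eq 'user' -and DisplayName -eq $DisplayName }
    $adDeleted = Get-ADObject -IncludeDeletedObjects `
                     -Filter { Deleted -eq $true -and ObjectClass -eq 'user' -and DisplayName -eq $DisplayName }
    $adState = if ($adLive) { 'Active' }
               elseif ($adDeleted) { 'SoftDeleted (AD recycle bin)' }
               else { 'NotFound' }

    # Hop 2: Azure AD. -ReturnDeletedUsers lists the 30-day recycle bin.
    $aadLive    = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    $aadDeleted = Get-MsolUser -ReturnDeletedUsers -ErrorAction SilentlyContinue |
                      Where-Object { $_.UserPrincipalName -eq $UserPrincipalName }
    $aadState = if ($aadLive) { 'Active' }
                elseif ($aadDeleted) { 'SoftDeleted (Azure AD recycle bin)' }
                else { 'NotFound' }
    # The license is what keeps the mailbox alive (Event 6#7), so report it too.
    $licensed = if ($aadLive) { [bool]$aadLive.IsLicensed } else { $false }

    # Hop 3: Exchange Online. Same pattern: active list vs. -SoftDeletedMailbox.
    $exoLive    = Get-Mailbox -Identity $UserPrincipalName -ErrorAction SilentlyContinue
    $exoDeleted = Get-Mailbox -SoftDeletedMailbox -ErrorAction SilentlyContinue |
                      Where-Object { $_.UserPrincipalName -eq $UserPrincipalName }
    $exoState = if ($exoLive) { 'Active' }
                elseif ($exoDeleted) { 'SoftDeleted (Exchange Online recycle bin)' }
                else { 'NotFound' }

    [pscustomobject]@{
        DisplayName      = $DisplayName
        OnPremAD         = $adState
        AzureAD          = $aadState
        ExchangeLicense  = $licensed
        ExchangeOnline   = $exoState
        # The article's point: in a synchronized environment the restore starts
        # at the On-Premise object, never at the mailbox or the cloud user.
        StartRestoreFrom = if ($adState -like 'SoftDeleted*') { 'On-Premise AD recycle bin' } else { 'n/a' }
    }
}

# Usage (placeholder UPN):
# Get-UserDeletionState -DisplayName 'Grace Jones' -UserPrincipalName 'grace@<tenant-domain>'
```

Running it right after the On-Premise deletion and again after the next sync cycle shows the states changing hop by hop; a mailbox still listed as Active while the cloud user is SoftDeleted simply means Event 6#7 has not propagated yet.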

The chain of events when we restore a Soft Deleted On-Premise Active Directory user account in Office 365 and Directory synchronization environment

In the following section, I would like to briefly review the chain of events when we restore a Soft Deleted On-Premise Active Directory user account in an Office 365 and Directory synchronization environment.

In our example, we restore the Grace Soft Deleted user account from the On-Premise Active Directory recycle bin.

Quick reminder: the Grace On-Premise Active Directory user account is “bound” to a Soft Deleted Office 365 user account, which is considered the owner of a Soft Deleted Exchange Online mailbox.

When we restore the Soft Deleted user account from the On-Premise Active Directory recycle bin in a Directory synchronization environment, the following chain of events occurs:

  • Event 1#6 – The restored Soft Deleted user account is “fetched” from the On-Premise Active Directory recycle bin and “sent back” to the “active” directory user database.
  • Event 2#6 – The Directory synchronization server (Azure AD Connect) connects to the On-Premise Active Directory (by default, the time interval is three hours) and gets the updated information about the event in which a user account was recovered (restored).
  • Event 3#6 – The Directory synchronization server (Azure AD Connect) connects to Windows Azure Active Directory and synchronizes the information about the event in which the On-Premise Active Directory user account “bound” to the Soft Deleted Office 365 user account was restored.
Restoring Deleted Directory user - Directory synchronization - chain of events -01
  • Event 4#6 – Windows Azure Active Directory gets the updated information and “pulls” the Soft Deleted user account from the recycle bin. The Office 365 user is restored to the “active user account list,” and the Exchange Online license of the Office 365 user account is also restored.
  • Event 5#6 – Windows Azure Active Directory “informs” (synchronizes to) the Exchange Online infrastructure that the owner of a Soft Deleted Exchange Online mailbox was restored.
  • Event 6#6 – Thus, Exchange Online restores the Soft Deleted user mailbox and restores its association with the Office 365 user account.
Restoring Deleted Directory user - Directory synchronization - chain of events -02

Restoring Exchange Online user mailbox in Directory synchronization based environment

Step 1#2 – Simulating the event in which an On-Premise Active Directory user account is deleted

On-Premise | Active Directory

In our example, we simulate the scenario by deleting the On-Premise Active Directory user account of a user named Grace.

Preparing the On-Premise Active Directory user deletion scenario - 01

Before we delete Grace’s user account, I would like to briefly review the properties of the Grace Active Directory user account.

Later, when we restore Grace’s Soft Deleted user account, I would like to show you that the restore process manages to restore all the “properties” that were attached to the Grace user account, and even Grace’s original password.

  • Grace’s office is Marketing
Preparing the On-Premise Active Directory user deletion scenario - 02
  • Grace is a member of a group named Marketing
Preparing the On-Premise Active Directory user deletion scenario - 03

In the following screenshot, we can see the “deletion” of the Grace On-Premise Active Directory user account.

Preparing the On-Premise Active Directory user deletion scenario - 04

On-Premise | Directory synchronization environment

The information about the deletion of an On-Premise Active Directory user account is synchronized to the cloud (Azure Active Directory) by the Directory synchronization server (Azure AD Connect).

In the following screenshot, we can see the following information:

  • Under the section outbound synchronization (number 1), the update operation is defined as “Export Attribute Flow.”
  • When we look at the properties of the “update event” (number 2), we can see that the update relates to Grace’s user account, which was deleted (it appears in the Changes column as delete).
Preparing the On-Premise Active Directory user deletion scenario - 05

Office 365 | Azure Active Directory | Office 365 Admin Center interface

In this step, we look into the Azure Active Directory recycle bin content and verify whether the deletion of the On-Premise Active Directory user account led to the deletion of the Office 365 user account “bound” to it.

Azure Active Directory provides a graphic interface for viewing the content of the Azure Active Directory recycle bin.

We can see that the Grace Office 365 user account “bound” to the Grace On-Premise Active Directory user account was also deleted and sent to the Azure Active Directory recycle bin.

Additional important information that doesn’t appear in the Azure Active Directory recycle bin interface is that Grace’s Exchange Online license was also removed!

Preparing the On-Premise Active Directory user deletion scenario - 06

Windows Azure Active Directory “informs” (synchronizes the information to) the Exchange Online infrastructure that the Exchange Online license bound to the Soft Deleted Office 365 user account was removed.

Office 365 | Exchange Online infrastructure | Exchange Online Admin Center

After receiving the information that Grace’s Exchange Online license was removed, Exchange Online deletes the Exchange Online mailbox associated with the Grace Office 365 user account.

If we want to view the Soft Deleted Exchange Online mailbox, the Exchange Online admin center provides a graphic interface for viewing the content of the Exchange Online recycle bin.

Using the Exchange Online admin center, we can view the Exchange Online recycle bin through the following menus:

recipients menu => mailboxes menu => three dots menu => Deleted mailboxes menu.

Preparing the On-Premise Active Directory user deletion scenario - 07

In the following screenshot, we can see the content of the Exchange Online recycle bin, which includes Grace’s Soft Deleted mailbox.

Preparing the On-Premise Active Directory user deletion scenario - 08

An additional way to view the content of the Exchange Online recycle bin is to create a remote PowerShell session to Exchange Online and use the following PowerShell command:

Get-Mailbox -SoftDeletedMailbox

If you need instructions on creating a remote PowerShell session to Exchange Online, you can read the article – Connect to Exchange Online PowerShell

In the following screenshot, we can see the content of the Exchange Online recycle bin before Grace’s mailbox was deleted and after it was deleted.

Preparing the On-Premise Active Directory user deletion scenario - 09

Step 2#2 – Recovering the Soft Deleted On-Premise Active Directory user account

In this section, we restore the “original” Grace On-Premise Active Directory user account that was Soft Deleted.

Restoring the “original On-Premise Active Directory user account” initiates a sequence of events that ends with the successful restore of Grace’s Soft Deleted Exchange Online mailbox.

On-Premise | Active Directory Recycle Bin

Grace’s deleted On-Premise Active Directory user account is considered a “Soft Deleted user account,” and it is kept in the On-Premise Active Directory recycle bin.

Viewing the content of the Active Directory Recycle Bin and restoring a Soft Deleted object

In our example, we use Windows Server 2008 R2, in which the Active Directory recycle bin was enabled. Windows Server 2008 R2 provides a CLI (command line interface) for managing and viewing the content of the On-Premise Active Directory recycle bin.

If you want additional information about the Active Directory recycle bin and the different options for restoring Soft Deleted user accounts, you can read the article – Deleted Active Directory User account and the Deleted object store | Basic introduction | Article 1#4 | Part 13#23

To view and manage the Active Directory recycle bin (the Soft Deleted objects stored in it), we use the following PowerShell commands:

  • View or Display Soft Deleted Objects stored in the Active Directory recycle bin

In our specific example, we use the Get-ADObject command to display information about Soft Deleted objects that are user account objects.

To view the content of the On-Premise Active Directory recycle bin (Soft Deleted user accounts), we use the PowerShell command Get-ADObject with the parameter -IncludeDeletedObjects.

  • Restore Soft Deleted object from Active Directory recycle bin

To restore a Soft Deleted Active Directory object, we use a combination of the PowerShell command Get-ADObject, which “fetches” the required Soft Deleted object, and pipe (|) the output to the PowerShell command Restore-ADObject.

View or Display Soft Deleted Objects stored in the Active Directory recycle bin

To view information about all Soft Deleted user accounts (User objects), we use the following PowerShell command:

Get-ADObject -Filter {Deleted -eq $true -and ObjectClass -eq "user"} -IncludeDeletedObjects

In the following screenshot, we can see a list of Soft Deleted user accounts, including information about Grace’s Soft Deleted user account.

Restoring the original User account - On-Premise Active Directory -01

If we want to display information about a particular Soft Deleted user account object, we can use a “filter” based on a specific object property.

For example, display the Soft Deleted user account whose DisplayName equals the name of the user we are looking for.

In our example, we want to display information about the Soft Deleted user account that uses the display name Grace Jones:

Get-ADObject -Filter {displayName -eq "Grace jones"} -IncludeDeletedObjects
Restoring the original User account - On-Premise Active Directory -02

Restoring Grace’s Soft Deleted user account

In the following section, we restore Grace’s Soft Deleted user account.

We use a PowerShell command that “fetches” the information about Grace’s Soft Deleted account and then pipe the output to a PowerShell command that restores the Soft Deleted object.

An example of the PowerShell command that we use to restore Grace’s Soft Deleted user account from the Active Directory recycle bin is:

Get-ADObject -Filter {DisplayName -eq "Grace jones"} -IncludeDeletedObjects | Restore-ADObject
Restoring the original User account - On-Premise Active Directory -03

To verify whether Grace’s Soft Deleted user account was successfully restored, we again use the PowerShell command that lets us view the Active Directory recycle bin:

Get-ADObject -Filter {DisplayName -eq "Grace jones"} -IncludeDeletedObjects

In the following screenshot, we can see information about the Grace user account before the restore operation and after we executed the restore PowerShell command.

Notice that:

  • Before the Soft Deleted user account is restored, the value of the property “Deleted” is True
  • After we have restored the Soft Deleted user account, the value of the property “Deleted” is empty
Restoring the original User account - On-Premise Active Directory -04
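The article restores by display name and then re-runs the query to check the Deleted flag. The following script, an added example and not the article's own, does the same restore with two guards a practitioner would want: it refuses to run Restore-ADObject unless the name filter matches exactly one Soft Deleted user object (a user deleted, re-created and deleted again leaves several tombstones, and restoring the wrong one resurrects the wrong SID), and it verifies the Deleted flag, group membership and Office attribute by GUID afterwards. It assumes the RSAT ActiveDirectory module with the AD recycle bin enabled; the optional -TriggerDeltaSync switch assumes you are running it on the Azure AD Connect server.

```powershell
# Added example, not the article's own script. Restores exactly one Soft
# Deleted On-Premise AD user by display name, then verifies the restore.
# Assumptions: RSAT ActiveDirectory module, AD recycle bin enabled, and
# (only with -TriggerDeltaSync) execution on the Azure AD Connect server.
param(
    [Parameter(Mandatory)] [string] $DisplayName,   # e.g. 'Grace Jones'
    [switch] $TriggerDeltaSync
)
Import-Module ActiveDirectory -ErrorAction Stop

# Step 1: look in the recycle bin. -IncludeDeletedObjects is what makes
# Get-ADObject return Soft Deleted objects; restricting to ObjectClass
# 'user' avoids matching a deleted contact or group with the same name.
$candidates = @(Get-ADObject -IncludeDeletedObjects `
    -Filter { Deleted -eq $true -and ObjectClass -eq 'user' -and DisplayName -eq $DisplayName } `
    -Properties DisplayName, LastKnownParent, whenChanged)

if ($candidates.Count -eq 0) {
    throw "No Soft Deleted user with DisplayName '$DisplayName' in the recycle bin."
}
if ($candidates.Count -gt 1) {
    # Several tombstones share this name: show them and stop rather than
    # piping all of them into Restore-ADObject, which the plain
    # Get-ADObject | Restore-ADObject form would do.
    $candidates | Select-Object DisplayName, ObjectGUID, LastKnownParent, whenChanged |
        Format-Table -AutoSize | Out-String | Write-Warning
    throw "Ambiguous match; restore the right one with Restore-ADObject -Identity <ObjectGUID>."
}
$target = $candidates[0]

# Step 2: restore by GUID (stable) rather than by re-running the name filter.
Restore-ADObject -Identity $target.ObjectGUID -ErrorAction Stop

# Step 3: verify on-premises. The object must no longer be flagged Deleted
# (the article's "Deleted is empty" check) and must be readable as a live user
# with the attributes the article inspects: group membership and Office.
$after = Get-ADObject -Identity $target.ObjectGUID -IncludeDeletedObjects -Properties Deleted
if ($after.Deleted) { throw "Restore-ADObject returned but the object is still flagged Deleted." }
$user = Get-ADUser -Identity $target.ObjectGUID -Properties MemberOf, physicalDeliveryOfficeName
[pscustomobject]@{
    SamAccountName = $user.SamAccountName
    Office         = $user.physicalDeliveryOfficeName   # article: Office = Marketing
    Groups         = ($user.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join '; '
} | Format-List

# Step 4 (optional): instead of waiting for the scheduled sync interval,
# push a delta cycle so Events 2#6 to 6#6 start now. Run this on the
# Azure AD Connect server only; the ADSync module exists only there.
if ($TriggerDeltaSync) {
    Import-Module ADSync -ErrorAction Stop
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
}
```

After the sync has run, the cloud-side checks are the ones the article performs next: the user leaves the Azure AD recycle bin with its license intact, and Get-Mailbox -SoftDeletedMailbox no longer lists the mailbox.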

On-Premise | Active Directory

In the following screenshot of the On-Premise Active Directory, we can see that the “original” Soft Deleted Grace user account was successfully restored.

Verifying the Restore process of the original User account On-Premise Active Directory -01

An additional thing we would like to verify is whether the restore process managed to restore Grace’s user properties and attributes.

  • In the following screenshot, we can see that Grace’s group membership was successfully restored.
Verifying the Restore process of the original User account On-Premise Active Directory -02
  • In the following screenshot, we can see that Grace’s office information was successfully restored.
Verifying the Restore process of the original User account On-Premise Active Directory -03

On-Premise | Directory synchronization environment

In this step, we would like to verify that the information about the “Grace restored user account” is synchronized to the cloud (Azure Active Directory).

The information about the restore of an On-Premise Active Directory user account is synchronized to the cloud (Azure Active Directory) by the Directory synchronization server (Azure AD Connect).

In the following screenshot, we can see the following information:

  • Under the section Export Statistics (number 1), in the Updates section, we can see that the synchronization includes two updates.
Verifying the Restore of the User account On-Premise Active Directory DirSync -01
  • When we look at the properties of the “update event” (number 2), we can see that the update relates to Grace’s user account, which was added (it appears under the Changes column as add).
Verifying the Restore of the User account On-Premise Active Directory DirSync -02

Office 365 | Azure Active Directory | Office 365 Admin center interface

In the following section, we want to verify whether the information about the “Grace restored On-Premise Active Directory user account” was successfully synchronized to the cloud (Azure Active Directory).

In addition, we want to verify whether Azure Active Directory “understands” that it “needs” to restore the “Grace Soft Deleted Office 365 user account” that was “bound” to the “Grace On-Premise Active Directory user account.”

Azure Active Directory – Recycle bin

In the following screenshot, we can see the content of the Azure Active Directory recycle bin (Azure Active Directory Admin Center, Deleted Users menu).

We can see that now the Azure Active Directory recycle bin is “empty.”
This means that Grace’s Soft Deleted user account was restored and is considered an “Active user account.”

Verifying the status of the restored Soft Deleted user account in Office 365 -01

Azure Active Directory – Active user list

In the following screenshot, we can see the list of Azure Active Directory Active users.

We can see that now the Active user list includes the Office 365 user account Grace.

Notice the important “pieces of information” about the Grace Office 365 user account:

1. The Office 365 user account appears as synchronized (number 2).
This means that Azure Active Directory managed to “understand” that the restored “Grace On-Premise Active Directory user account” was “bound” to the “Grace Soft Deleted Office 365 user account.” The Office 365 user account was restored and “attached” back to the On-Premise Active Directory user account.

Verifying the status of the restored Soft Deleted user account in Office 365 -02

2. Office 365 license

Notice the important information about the Office 365 license! (number 2)

In the following screenshot, we can see that the Grace user account has a license (an E3 license in our scenario).
We didn’t assign the Office 365 licenses; instead, the original Office 365 user account was restored together with the Office 365 licenses that were assigned to it before it was deleted.

3. User account property
In the screenshot, we can see that the group membership of Grace’s user account (member of the Marketing group) was also successfully restored.

Verifying the status of the restored Soft Deleted user account in Office 365 -03

Office 365 | Exchange Online infrastructure | Exchange Online Admin center

In the last phase, we want to verify that our main mission – restoring Grace’s Exchange Online mailbox – was successfully completed!

We use the Exchange Online admin center to get additional information about the status of Grace’s original Exchange Online mailbox.

Exchange Online | Recycle bin | PowerShell

In the following screenshot, we can see that we use the PowerShell command Get-Mailbox -SoftDeletedMailbox to view the content of the Exchange Online recycle bin.

We can see that the Exchange Online recycle bin doesn’t include information about Grace’s mailbox. This means that Grace’s mailbox was successfully restored and “removed” from the Exchange Online recycle bin.

Verifying the status of the restored Soft Deleted Exchange Online mailbox -01

Exchange Online | Active mailboxes

We use the Exchange Online admin center to get additional information about Grace’s Exchange Online mailbox.

In the following screenshot, we can see that Grace’s mailbox appears in the “Active mailbox list.”

Verifying the status of the restored Soft Deleted Exchange Online mailbox -02

We would also like to verify whether the Exchange Online mailbox properties were restored.

In our example, Grace’s mailbox was a member of the Marketing group.

In the following screenshot, we can see the properties of Grace’s mailbox, and we can see that her group membership was successfully restored.

Verifying the status of the restored Soft Deleted Exchange Online mailbox -03

To verify that the restored Exchange Online mailbox is indeed “Grace’s original Exchange Online mailbox,” we log into Grace’s mailbox.

In the following screenshot, we can see that the mailbox includes Grace’s original mail items.

Verifying the status of the restored Soft Deleted Exchange Online mailbox -04

The next article in the current article series

Prefix – the “Problematic” Exchange Online mailbox restores scenarios in Directory synchronization environment | Part 18#23

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

This Post Has One Comment

  1. Dude.. you spelled it “on-premise” waay too many times – it’s “on-premises”!!!

    Cheers
