Solving an Exchange Online mailbox restore mistake by Restoring the original Soft Deleted Active Directory user | Part 21#23

In this article, we provide step-by-step instructions for resolving a typical Exchange Online mailbox restore mistake in an Office 365 Directory synchronization environment.

  • The mailbox restore mistake is creating a NEW Active Directory user account instead of restoring the original Soft Deleted On-Premise Active Directory user account.
  • The proposed solution is based on the concept of “reversing things back” to the point in time before the “Exchange Online mailbox recovery mistake” was made. That means deleting the NEW Active Directory user account and restoring the original Soft Deleted On-Premise Active Directory user account.


The characteristics of the Exchange Online restore mistake – creating a NEW Active Directory user account – Scenario description

To better understand:

  1. What are the characteristics of the “Wrong Exchange Online Mailbox Recovery Operation” in which a NEW Active Directory user account is created?
  2. What are the results of this “Wrong Exchange Online Mailbox Recovery Operation”?
  3. What is the solution that we will implement for dealing with the “Wrong Exchange Online Mailbox Recovery Operation”?

Let’s use the following scenario:

Organization mail infrastructure

  • An organization uses Office 365 services, with Exchange Online as its mail infrastructure.

Directory infrastructure

  • Directory management is implemented via the On-Premise Active Directory, and Directory synchronization server (Azure AD Connect).
  • The Directory synchronization server is responsible for synchronizing information from the local On-Premise Active Directory to the Office 365 Directory (Azure Active Directory).

The deletion event

  1. The On-Premise Active Directory user account named George is deleted (number 1).
  2. The information about the On-Premise Active Directory user deletion is synchronized by the Directory synchronization server (Azure AD Connect) to the Office 365 Directory (Azure Active Directory) (number 2).
  3. The result is that the George Office 365 user account that is “bound” to the deleted George On-Premise Active Directory user account is also deleted (number 3).
  4. When the George Office 365 user account is deleted, the Exchange Online license that was assigned to it is removed (deleted) (number 3).
  5. Azure Active Directory synchronizes the information to the Exchange Online infrastructure.
  6. When Exchange Online gets the information that the George Exchange Online license was removed, Exchange Online deletes the George Exchange Online mailbox (number 4).

Active Directory user deletion -The flow of the events in Directory synchronization based

The restore request

The Administrator got a request to recover George’s deleted Exchange Online mailbox and enable George to access his restored Exchange Online mailbox.

The “right” process of recovering Exchange Online in Directory synchronization environment

The “right” restore process was supposed to start with recovering George’s Soft Deleted On-Premise Active Directory user account; the rest of the Exchange Online mailbox recovery steps were supposed to “roll along” automatically.

Note – you can read more information about the “right procedure” of recovering Exchange Online in Directory synchronization environment in the article –
The special characters of Directory synchronization in an Office 365 environment | Article 2#2 | Part 12#23

The main characteristics of the Exchange Online restore mailbox mistake

The Exchange Online mailbox recovery mistake

The Administrator who was responsible for restoring George’s Exchange Online mailbox thought that the solution would be implemented in the following way:

  • Creating a NEW On-Premise Active Directory user account, with seemingly identical details as the “deleted George’s user account” (the same login name and the same E-mail address).
  • Activating the Directory synchronization process, and synchronizing the information about the “recovered” George On-Premise Active Directory user account to the Office 365 Directory (Azure Active Directory).

The Problem -New On-Premise Active Directory User was created -01

The Administrator’s underlying assumption was that when the Directory synchronization process runs, the Soft Match mechanism will be executed automatically.

The Directory Synchronization Soft Match mechanism was supposed to “bind together” the NEW George On-Premise Active Directory user account with the Soft Deleted George user account in Azure Active Directory, because they have the same user login name and the same E-mail address.

The Administrator expected that the “binding process” would lead to:

  • The automatic restore of the Soft Deleted George Office 365 user account.
  • The automatic restore of the Exchange Online license that was assigned to the Office 365 user account.
  • The automatic restore of George’s Soft Deleted Exchange Online mailbox.

When the Administrator logs in to the Office 365 management portal, he sees that the George Office 365 user account is “restored” (the Office 365 user account is only seemingly restored; the account that the Administrator sees is actually a NEW Office 365 user account), and notices that “for some reason,” the Exchange Online license that was assigned to the George Office 365 user account was not restored.

To fix this “license issue,” the Administrator assigns the required Exchange Online license to the George Office 365 user account.

Note that the real reason that the Office 365 license was not assigned is that in this scenario, the original Office 365 user account was not restored, and instead, a NEW Office 365 user account was created! (An Exchange Online license is not assigned automatically to NEW Office 365 users.)

The result

1. The Directory Synchronization Soft match did not occur.

The process of the Directory Synchronization Soft match will not happen!

Directory synchronization will not “bind” the NEW George Active Directory user to the Soft Deleted George Office 365 user account, because the ImmutableID value of the Soft Deleted Office 365 user account is already populated (with the value of the original, deleted George Active Directory user).

The NEW George Active Directory user account has a NEW GUID (Globally Unique Identifier) value that is different from the Soft Deleted Office 365 user account ImmutableID value.

For this reason, Directory synchronization cannot execute the expected “binding” (Soft Match) between the two user accounts, and instead creates a NEW Office 365 user account that is “bound” to the NEW George On-Premise Active Directory user account.
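The GUID and ImmutableID relationship described above, as an added example that is not part of the original article. It assumes Azure AD Connect uses objectGUID as the source anchor, in which case the ImmutableID is the Base64 encoding of the GUID's 16 bytes; the function names are hypothetical and all GUIDs are constructed sample values.

```powershell
# Added example. Assumption: objectGUID is the Azure AD Connect source anchor,
# so ImmutableID = Base64(objectGUID bytes). All GUIDs are constructed samples.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    # Encode the 16 raw bytes of the GUID as Base64
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) {
        throw "ImmutableID '$ImmutableId' does not decode to a 16-byte GUID."
    }
    # The unary comma passes the byte array as ONE constructor argument
    New-Object -TypeName Guid -ArgumentList (, $bytes)
}

function Find-AnchorMatch {
    # Reports, for each On-Premise account, whether its GUID is the one
    # already stored in the cloud account's ImmutableID.
    param(
        [Parameter(Mandatory)][string]$CloudImmutableId,
        [Parameter(Mandatory)][object[]]$OnPremUser
    )
    $anchorGuid = ConvertFrom-ImmutableId -ImmutableId $CloudImmutableId
    foreach ($u in $OnPremUser) {
        [pscustomobject]@{
            Label         = $u.Label
            ObjectGuid    = $u.ObjectGuid
            ImmutableId   = ConvertTo-ImmutableId -ObjectGuid $u.ObjectGuid
            AnchorMatches = ([Guid]$u.ObjectGuid -eq $anchorGuid)
        }
    }
}

# Constructed sample data: the original (deleted) George and the NEW George
$originalGuid = [Guid]'11111111-2222-3333-4444-555555555555'
$newGuid      = [Guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'

# Stands in for the ImmutableID stored on the Soft Deleted Office 365 user
$cloudImmutableId = ConvertTo-ImmutableId -ObjectGuid $originalGuid

Find-AnchorMatch -CloudImmutableId $cloudImmutableId -OnPremUser @(
    [pscustomobject]@{ Label = 'Original George (Soft Deleted)'; ObjectGuid = $originalGuid }
    [pscustomobject]@{ Label = 'NEW George';                     ObjectGuid = $newGuid }
) | Format-Table -AutoSize
```

Only the original account's GUID reproduces the stored ImmutableID, which is why restoring that account, rather than recreating it, is what re-binds the cloud objects.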

2. Two “sets” of user accounts and Exchange Online mailboxes

The outcome is a “mess.”

Instead of the expected result, the “real result” is that we now have “two sets” of user accounts and two sets of Exchange Online mailboxes.

The outcome- New On-Premise Active Directory User was created -01

Set A – The NEW objects

  • The creation of a NEW On-Premise Active Directory user account leads to the creation of a NEW Office 365 user account.
  • When an Exchange Online license is assigned to the NEW Office 365 user account, a NEW empty Exchange Online mailbox is created.

The result is:

  • A NEW Active Directory user account.
  • A NEW Office 365 user account.
  • A NEW Exchange Online mailbox.

Set B – The “former” Soft Deleted objects

The additional “layer” of objects is the layer of Soft Deleted objects that continue to exist in the various recycle bins:

  • The original George Soft Deleted Active Directory user will continue to be stored in the Active Directory recycle bin.
  • The Soft Deleted George Office 365 user account that is “bound” to the Active Directory user will continue to be stored in the Azure Active Directory recycle bin.
  • The Soft Deleted George Exchange Online mailbox will continue to be stored in the Exchange Online recycle bin.

Note – in an Office 365 based environment, the Soft Deleted user account and the Soft Deleted Exchange Online mailbox are kept in the Office 365 recycle bin for a period of 30 days.
At the end of this period, the Soft Deleted object will be permanently deleted.

The outcome of Exchange Online mailbox restore mistake -NEW empty mailbox -03

The outcome

The NEW George On-Premise Active Directory user can access his Exchange Online mailbox, but he reports that the Exchange Online mailbox restore failed because the mailbox is empty!

Notice that the Exchange Online mailbox data that was supposed to “appear” is stored in the Soft Deleted Exchange Online mailbox (which is in the Exchange Online recycle bin).

The Problem -New On-Premise Active Directory User was created -01

The proposed solution – Revert the restore mistake

 

There are two common solutions that we can implement for dealing with this type of Exchange Online mailbox restore mistake. In the current article, we review the solution that I describe as “Revert the restore mistake.”

The solution -New On-Premise Active Directory User was created -02

In the next article – Restoring Exchange Online mailbox content to another mailbox using PowerShell command New-MailboxRestoreRequest | Part 22#23, we review a different solution, in which we restore the data from the Soft Deleted Exchange Online mailbox to the NEW Exchange Online mailbox.

solution 2-2 – Copy the content of the Soft Deleted Exchange Online mailbox-0

The implementation of this solution includes two steps:

Step 1#2 – Deal with the “restore mistake” by deleting the “NEW set” of objects that were created. In other words, revert the restore mistake.

The “fix” is implemented by deleting the NEW Active Directory user account that was created by mistake.

  • If we delete the NEW Active Directory user that was created, and synchronize the information to the Office 365 Directory, the NEW Office 365 user account that is associated with the NEW Active Directory user will be
  • When the Office 365 user is deleted, the Exchange Online license that was assigned to the Office 365 user will be removed.
  • Exchange Online will delete the NEW empty Exchange Online mailbox that is associated with the Office 365 user account.

The Challenge

The task of restoring a Soft Deleted Active Directory user account can be either relatively easy or complex.

To restore the “right” Soft Deleted user account successfully, we will need to deal with these challenges:

  1. Select the Active Directory user restore method
  • If the Active Directory recycle bin is already enabled, recovering a Soft Deleted user account is a simple process, especially if we have a Windows 2012 server domain controller that supports a graphic version of the Active Directory recycle bin.
  • If the Active Directory recycle bin is not enabled, we will need to “withdraw” to a less comfortable Soft Deleted user restore method: restoring “Tombstoned objects.”

To be able to learn more about how to restore the Soft Deleted user account, you can read the following articles:

Case 1 – Active Directory recycle bin was not enabled

If the Active Directory recycle bin is not enabled, you will need to use a method described as restoring “Tombstoned objects.”

To get more detailed information about how to restore Soft Deleted Active Directory user account using the method of Tombstoned objects, you can read the following articles:

Case 2 – Active Directory recycle bin was enabled

To get more detailed information about how to restore Soft Deleted Active Directory user account using the Active Directory recycle bin, you can read the article – How to restore Active Directory deleted user account by using Active Directory recycle bin | Article 4#4 | Part 16#x

  2. Locate the “original” Soft Deleted user account

After we delete the NEW Active Directory user account that was “created by mistake,” the Active Directory Deleted Objects folder includes two Soft Deleted user accounts that are seemingly identical (they have the same display name).

Our challenge is how to differentiate between the two Soft Deleted user accounts, and locate the original Soft Deleted Active Directory user that we need to restore.

The Challenge -New On-Premise Active Directory User was created -04

The solution – step by step

The solution for the Exchange Online mailbox recovery mistake is implemented by performing the following steps:

  1. Delete the NEW George On-Premise Active Directory user account that was created.
  2. Synchronize the information about the deletion of George’s user account to the Office 365 Directory (Azure Active Directory).
  3. Restore the “original” Soft Deleted George On-Premise Active Directory user account.
  4. Synchronize the information about the restore of George’s user account to the Office 365 Directory (Azure Active Directory).
  5. Verify that the recovery “chain of events” completed successfully:
  • Verify that the information about the restored George Active Directory user account was successfully updated in the Azure Active Directory.
  • Verify that the George Office 365 user account was successfully restored.
  • Verify that the Exchange Online license that was assigned to the Soft Deleted George Office 365 user account was restored.
  • Verify that the information was synchronized to the Exchange Online infrastructure and that the George Exchange Online mailbox was successfully restored.
  • Verify that George can access his restored Exchange Online mailbox.

Step 1#4 – Simulating the event in which On-Premise Active Directory user account is deleted

 

On-Premise | Active Directory

In our example, we will simulate the scenario by deleting the George On-Premise Active Directory user.

View information about the deleted On-Premise Active Directory user account -01

On-Premise | Active Directory Recycle Bin

The deleted On-Premise Active Directory user account is considered a “Soft Deleted user account.” Soft Deleted user accounts are kept in the On-Premise Active Directory Deleted Objects folder.

To view the content of the On-Premise Active Directory Deleted Objects folder, and especially the information about George’s Soft Deleted user account, we will use the PowerShell command Get-ADObject.

The Get-ADObject PowerShell command is used for displaying and managing On-Premise Active Directory objects.
In our specific example, we use the Get-ADObject command to display information about Active Directory Soft Deleted objects that are user account objects.

An example for the PowerShell command that we use is:

In the following screenshot, we can see the information about George Soft Deleted user account:

View information about the deleted On-Premise Active Directory user account -02

Note – in case that you need more detailed information about how to use the Get-ADObject PowerShell command; you can read the article – How to restore Active Directory deleted user account by using Active Directory recycle bin | Article 4#4 | Part 16#23.

On-Premise | Directory synchronization environment

The information about the deletion of the George On-Premise Active Directory user account is synchronized to the Office 365 Directory (Azure Active Directory) by the Directory synchronization server (Azure AD Connect).

In the next screenshot, we can see the information from the Azure AD Connect log file.

  • Under the section – Export Statistics (number 1), the update operation is defined as “Deletes.”
  • When we look at the properties of the “update event” (number 2), we can see that the update relates to the George user account that was deleted (it appears under the Changes column as delete).

View information about the deleted On-Premise Active Directory user account -03

Office 365 | Azure Active Directory | Office 365 Admin Center interface

In this step, we look at the Azure Active Directory recycle bin content and verify whether the deletion of the George On-Premise Active Directory user account led to the deletion of the Office 365 user account that was “bound” to it.

The Azure Active Directory provides us a graphic interface for viewing the content of the Azure Active Directory recycle bin.

We can see that the Office 365 user account that was “bound” to the George On-Premise Active Directory user account is also deleted, and sent to the Azure Active Directory recycle bin.

It’s important to mention that the Exchange Online license that was assigned to the George Office 365 user account was deleted (removed).

View information about the deleted On-Premise Active Directory user account -04

Office 365 | Exchange Online infrastructure | Exchange Online Admin Center

Azure Active Directory synchronizes the information about the removal of the Exchange Online license to the Exchange Online infrastructure.

The result is that Exchange Online deletes the Exchange Online mailbox that is associated with the George Office 365 user account.

Exchange Online provides a graphic interface for viewing the content of the Exchange Online recycle bin – recipient => mailboxes => three dots => Deleted mailboxes.

In the following screenshot, we can see the content of the Exchange Online recycle bin.
We can see that the Exchange Online recycle bin includes George Soft Deleted mailbox.

View information about the deleted On-Premise Active Directory user account -05

Step 2#4 – Simulating the Exchange Online mailbox restore mistake

In this section, we will simulate the Exchange Online “recovery mistake,” in which a NEW Active Directory user account is created, instead of the “right restore process,” in which the Soft Deleted George user account is supposed to be restored.

Note – you can read more information about the “right procedure” of recovering Exchange Online mailbox in Directory synchronization environment in the article – Restore Exchange Online USER mailbox | Directory synchronization environment | The “right way” | Part 17#23

On-Premise | Active Directory

The Administrator creates a NEW On-Premise Active Directory user account for George that is seemingly identical to the George user account that was deleted.

The NEW George On-Premise Active Directory user account is configured with the same login name and the same E-mail as the “former George user account.”

Creating NEW On-Premise Active Directory User account -01

On-Premise | Directory synchronization environment

The information about the creation of a NEW On-Premise Active Directory user account is synchronized to the Office 365 Directory (Azure Active Directory).

In the next screenshot, we can see the information from the Azure AD Connect log file.

  • Under the section – Export Statistics (number 1), the update operation is defined as “Adds.”
  • When we look at the properties of the “update event” (number 2), we can see that the update relates to the NEW On-Premise Active Directory George user account that was created (it appears under the Changes column as add).

Synchronizing the information about the NEW On-Premise Active Directory User account -02

Office 365 | Azure Active Directory | Office 365 Admin center interface

In this step, we want to view the information about the “NEW Office 365 user account” that was supposed to be “restored” after the Directory synchronization process completed.

When looking at the active user list in the Office 365 admin center portal, we can see that a George Office 365 user account “appears.”

Note – notice that this is not the restored George Office 365 user account, but instead, a NEW Office 365 user account that was created!

When we look at the George Office 365 account properties, we can notice two important parameters:

  • In the Sync Type column, we can see that the user account is defined as “Synced with Active Directory” (number 1). The meaning is that the George Office 365 user account is “bound” to an On-Premise Active Directory user account.
  • In the Status column (number 2), we can see that the Office 365 user account doesn’t have a license. This is a “clue” to the fact that the George Office 365 user account is not the “original user account,” because the original George Office 365 user had an Exchange Online license.

NEW Office 365 User account was created -03

In our example, the Administrator notices that the George Office 365 account doesn’t have an Office 365 license, and to “activate” the Office 365 user account, he assigns the required Exchange Online license to the George Office 365 account.

Assign Exchange Online license to the new On-Premise Active Directory user account -04

Office 365 | Exchange Online infrastructure | Exchange Online Admin center

In the following screenshot, we can see that a NEW Exchange Online mailbox was created after we assigned the required Exchange Online license to the George Office 365 user account.

The new and empty George Exchange Online mailbox -05

Notice an important issue – the NEW Exchange Online mailbox is EMPTY!

The bad news - the Exchange Online mailbox is empty

The expectation of the Administrator was that the “original George mailbox” would be restored, and associated with the restored George Office 365 user account.

In other words, the Administrator’s expectation was that George would be able to log in to his Exchange Online mailbox, and find all his mail items.

The reason that the Exchange Online mailbox is “empty” is that we see the content of the NEW Exchange Online mailbox that was created, and not the content of the original Soft Deleted George Exchange Online mailbox.

To be able to understand better what happened, let’s use the Exchange Online admin center for previewing the two George Exchange Online mailboxes:

  • The original Soft Deleted George’s
  • The NEW (empty) George Exchange Online mailbox that was created.

In the following screenshot, we can see two Exchange Online mailboxes that “belong” to George:

  1. George Active Exchange Online mailbox

The NEW George Exchange Online mailbox (number 1). This is the NEW empty Exchange Online mailbox that was created as a result of creating the NEW George Office 365 user account.

  2. George Soft Deleted Exchange Online mailbox

This is the “original George mailbox” (number 2), that was deleted (Soft Deleted), and sent to the Exchange Online recycle bin.

Two Exchange Online mailboxes exists at the same time -06

Step 3#4 – fixing the Exchange Online mailbox restore mistake – Deleting the NEW On-Premise Active Directory user account

In this step, we will “fix” the Exchange Online restore mailbox mistake by deleting the “NEW set of objects” that were created.

Note – in the next step (the next section), we will review how to restore the original George On-Premise Active Directory user account.

On-Premise | Active Directory

Theoretically, we will need to delete each of the NEW objects that were created (On-Premise objects, and Office 365 objects).

Technically, we will not need to execute the deletion process for each of the NEW objects separately, because in a Directory synchronization environment, all we need to do is delete the “Root object.”

In our example, the “Root Object” is the NEW George On-Premise Active Directory user account.

Deleting the NEW George On-Premise Active Directory user account will initiate a process in which:

  • The Office 365 user account that is “bound” to the George On-Premise Active Directory user account will be deleted.
  • The Exchange Online license that was assigned to the deleted Office 365 user will be removed.
  • The Exchange Online mailbox that is associated with the deleted Office 365 user account, will also be deleted.

In the following screenshot, we can see that we select the NEW George On-Premise Active Directory user account, and delete it!

Deleting the NEW On-Premise Active Directory User account -01

On-Premise | Active Directory Recycle bin

After we have deleted the NEW George Active Directory user account, the Active Directory recycle bin includes two Soft Deleted users that are each considered the “George user account.”

To be able to understand better the current results, let’s use PowerShell for viewing the content of the On-Premise Active Directory recycle bin.

An example for the PowerShell command that we use is:

In the following screenshot, we can see that the On-Premise Active Directory recycle bin includes two Soft Deleted user accounts (two George Soft Deleted user accounts).

  • The Soft Deleted user account that represents the “original” George Active Directory user account (number 1).
  • The Soft Deleted user account that represents the “NEW” George Active Directory user account (number 2).

View information about the deleted On-Premise Active Directory user accounts -02

Office 365 | Azure Active Directory | Office 365 Admin center interface

When looking at the Azure Active Directory recycle bin, we can see that now, the Azure Active Directory recycle bin includes two deleted user accounts:

  • The Soft Deleted user account that represents the “original” George Office 365 user account (number 1).
  • The Soft Deleted user account that represents the “NEW” George Office 365 user account (number 2).

Notice that although the deleted Office 365 user accounts look “identical,” the “clue” for telling these Soft Deleted user accounts apart is the deletion date.

The deletion date of the “original Soft Deleted George Office 365 user account” must be earlier than the deletion date of the NEW George Office 365 user account.

View information about the deleted On-Premise Active Directory user accounts -03

Office 365 | Exchange Online infrastructure | Exchange Online Admin center

In the following screenshot, we can see the content of the Exchange Online recycle bin.

We can see that now, the Exchange Online recycle bin includes two Soft Deleted Exchange Online mailboxes:

  • The Soft Deleted Exchange Online mailbox that is associated with the “original” George Office 365 user account (number 1).
  • The Soft Deleted Exchange Online mailbox that is associated with the “NEW” George Office 365 user account (number 2).

View information about the deleted On-Premise Active Directory user accounts -04

Step 4#4 – fixing the Exchange Online mailbox restore Mistakes – recovering the Soft Deleted On-Premise Active Directory user account

In this section, we will restore the “original George On-Premise Active Directory user account” that was deleted.

The restore process of the “original On-Premise Active Directory user account” will initiate a sequence of events that ends with the successful restore of the original George Soft Deleted Exchange Online mailbox.

Successfully restore of the original George Soft Deleted Exchange Online mailbox

On-Premise | Active Directory Recycle bin

The restore process of the Soft Deleted Active Directory object (George user account) is implemented by “addressing” the On-Premise Active Directory recycle bin using a PowerShell command.

Restoring an Active Directory user account | The available restore options

In our scenario, the Active Directory recycle bin was activated.
We will demonstrate how to perform the restore of the Active Directory Soft Deleted user account, by using a combination of the PowerShell commands: Get-ADObject + Restore-ADObject

A scenario in which the Active Directory recycle bin was not enabled

If the Active Directory recycle bin feature was not activated in your Active Directory environment, there are additional options for recovering a Soft Deleted Active Directory user account.

To get more detailed information about how to restore Soft Deleted Active Directory user account using the method of Tombstoned objects, you can read the following articles:

Before we start with the execution of the required PowerShell command, let’s briefly review two obstacles that we should go through.

The challenges that stand before us are:

Challenge 1#2 – how to identify the “original” George user account

The On-Premise Active Directory recycle bin will include two Soft Deleted “George user accounts.”

How can we know which is the “original George user account” that we need to recover?
In other words, how do we differentiate between the two Soft Deleted “George user accounts”?

How identify and distinguish the Original user account from NEW Soft Dele

The solution

The main difference between the “original” George user account and the NEW George user account is the date on which they were created.

The original George user account creation date is “earlier” than the NEW George user account creation date.

Challenge 2#2 – how to “instruct” the On-Premise Active Directory recycle bin which of the user accounts to restore

In our scenario, the On-Premise Active Directory recycle bin includes two Soft Deleted user objects that relate to the George user account.

Both of the Soft Deleted objects use the same display name, the same user principal name and so on.
We will need to find a unique identifier, which will enable us to “point” to the original George user account that we want to restore.

The solution

To be able to instruct the On-Premise Active Directory recycle bin to “fetch” the original George user account, we will address the Soft Deleted user account object by using the GUID (Globally unique identifier) value.

View the content of the On-Premise Active Directory recycle bin

To view the content of the On-Premise Active Directory recycle bin, we use the following PowerShell command:

In the following screenshot, we can see that the On-Premise Active Directory recycle bin includes two Soft Deleted user accounts (two George Soft Deleted user accounts).

Phase 11-14 -Restoring the original User account -01

As mentioned, we will need to identify the “original” Soft Deleted George’s user account and then, reference the Soft Deleted object by using the object GUID value.

Quick reminder – we cannot reference the Soft Deleted object by using standard identifiers such as display name or UPN because, in our scenario, these identifiers are identical.

Phase 11-14 -Restoring the original User account -02

When we look at the apparently identical Soft Deleted user accounts, notice that there are some differences.

When looking at the property WhenCreated, we can see that-

  • The value of the “upper” Soft Deleted user account (number 1) is-
    WhenCreated = 9/24/2016
  • The value of the “lower” Soft Deleted user account (number 2) is-
    WhenCreated = 9/25/2016

The meaning is that the “upper” Soft Deleted user account (number 1) is the “original George user account,” because its creation date is earlier than that of the second Soft Deleted George user account.

After we have identified the “original” Soft Deleted George user account, we need to write down its GUID value because, in the next phase, we will use the GUID value to reference the “original” Soft Deleted George user account that we restore.

Phase 11-14 -Restoring the original User account -03

In our specific example, the GUID value is – c8c29077-7aa6-4623-a759-3779376a1c2c

The PowerShell command that we use in restoring the “original” Soft Deleted George’s user account is:

The PowerShell command that we use for restoring the Soft Deleted user account doesn’t display any output regarding the result of the restore process.

Phase 11-14 -Restoring the original User account -04

To verify that the “original” Soft Deleted George user account was successfully restored, we can view the content of the On-Premise Active Directory recycle bin again.

In the following screenshot, we can see that the recycle bin now includes only one Soft Deleted user account. The meaning is that the Soft Deleted user account that we restored in the previous step was successfully restored and “removed” from the On-Premise Active Directory recycle bin.

Phase 11-14 -Restoring the original User account -05
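The recycle bin lookup, the restore by GUID and the verification described above, written out as an added PowerShell example; it is not the article's original commands. It assumes the ActiveDirectory module is installed and the recycle bin is enabled, and the UPN value is a hypothetical placeholder.

```powershell
# Added example, not the article's own commands.
# Assumes: ActiveDirectory module (RSAT), AD Recycle Bin enabled,
# and rights to restore deleted objects.
Import-Module ActiveDirectory

$upn = 'george@example.com'   # hypothetical placeholder UPN

# 1. List the Soft Deleted user objects that share this UPN, oldest first.
$candidates = @(
    Get-ADObject -IncludeDeletedObjects `
        -Filter "isDeleted -eq `$true -and objectClass -eq 'user'" `
        -Properties whenCreated, whenChanged, userPrincipalName,
                    lastKnownParent, 'msDS-LastKnownRDN' |
    Where-Object { $_.userPrincipalName -eq $upn } |
    Sort-Object whenCreated
)
$candidates |
    Format-Table 'msDS-LastKnownRDN', ObjectGUID, whenCreated, whenChanged -AutoSize

# 2. Pick the object with the earliest whenCreated, but refuse to guess
#    when the creation dates cannot tell the two objects apart.
if ($candidates.Count -eq 0) { throw "No Soft Deleted user with UPN $upn." }
if ($candidates.Count -gt 1 -and
    $candidates[0].whenCreated -eq $candidates[1].whenCreated) {
    throw 'Creation dates are identical; choose the GUID manually.'
}
$original = $candidates[0]
"Restoring $($original.ObjectGUID), created $($original.whenCreated)"

# 3. Dry run first, then restore by GUID. -PassThru returns the restored
#    object, because Restore-ADObject is otherwise silent.
Restore-ADObject -Identity $original.ObjectGUID -WhatIf
Restore-ADObject -Identity $original.ObjectGUID -PassThru

# 4. Verify: the account is live again and no longer in the recycle bin.
Get-ADUser -Identity $original.ObjectGUID -Properties whenCreated |
    Select-Object SamAccountName, UserPrincipalName, Enabled, whenCreated
Get-ADObject -IncludeDeletedObjects `
    -Filter "isDeleted -eq `$true -and objectClass -eq 'user'" `
    -Properties userPrincipalName |
    Where-Object { $_.userPrincipalName -eq $upn } |
    Select-Object ObjectGUID, whenChanged
```

Compare the GUID printed in step 2 with the one noted from the recycle bin listing before letting the restore in step 3 run.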

On-Premise | Active Directory

In the following screenshot, when looking at the On-Premise Active Directory, we can see that the “original” Soft Deleted George user account was successfully restored.

Viewing the information about the original restored user -01

Office 365 | Azure Active Directory | Office 365 Admin center interface

In the following section, we want to verify that the information about the restored George On-Premise Active Directory user account was successfully synchronized to the cloud (Azure Active Directory).

Also, we want to verify that Azure Active Directory “understands” that it should restore the Soft Deleted Office 365 user account that was “bound” to the restored George On-Premise Active Directory user account.

Active Directory Azure – recycle bin

In the following screenshot, we can see the content of the Azure Active Directory recycle bin (Azure Active Directory Admin Center, Deleted Users menu).

If you remember, in the former section, the Azure Active Directory recycle bin included two Soft Deleted user accounts.

Now, we can see that the Azure Active Directory recycle bin includes only one Soft Deleted user account. This is the NEW George user account.

Viewing the information about the original restored user -02

Active Directory Azure – Active user lists

In the following screenshot, we can see the list of the Azure Active Directory Active users.

We can see that the Active user list now includes the Office 365 user account – George

Notice that we can see two important pieces of information about George Office 365 user account:

  1. The Office 365 user account appears as synchronized (number 2).
    The meaning is that Azure Active Directory managed to “understand” that the restored On-Premise Active Directory George user account was “bound” to the Soft Deleted Office 365 user account. The George Office 365 user account was restored and “attached” back to the On-Premise Active Directory user account.
  2. Office 365 license

Notice the important information about the Office 365 license! (number 1)

In the following screenshot, we can see that the George user account has a license (E3 license in our scenario).
We didn’t assign the Office 365 license; instead, the original Office 365 user account was restored together with the Office 365 license that was assigned to the user account before it was deleted.

Viewing the information about the original restored user -03

Office 365 | Exchange Online infrastructure | Exchange Online Admin center

In the last phase, we want to verify that our main mission – restoring George’s original Exchange Online mailbox – was successfully completed!

The main mission - Restoring George original Exchange Online mailbox

We will use the Exchange Online admin center, for getting additional information about the status of George’s original Exchange Online mailbox.

In the following screenshot, we can see a side-by-side display of the active Exchange Online mailbox list and the Soft Deleted Exchange Online mailboxes (Exchange Online recycle bin).

We can see that now, the Exchange Online recycle bin includes only one Soft Deleted Exchange Online mailbox; this is the mailbox of the NEW user account that was deleted (number 2).

In the Exchange Online active mailbox list, we can see that George’s mailbox was restored (number 1).

Viewing the information about the original restored user -04

To verify that the Exchange Online mailbox that was restored is indeed the “original George Exchange Online mailbox”, we log in to George’s mailbox.

In the following screenshot, we can see that the mailbox includes George’s original mail items.

The original Exchange Online mailbox was restored -05

Eyal Doron