Mailbox Restore/Recovery
Just sharing some of the fun processes I learnt and played with this month, to restore some tricky, deleted AD users.
Microsoft Troubleshooter Tool
Restoring Soft-Deleted Mailbox to another Mailbox
# Connect to Office 365
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
# List the soft-deleted mailboxes and pick the one that needs to be imported
$DeletedMailbox = Get-Mailbox -SoftDeletedMailbox | Select DisplayName,ExchangeGuid,PrimarySmtpAddress,ArchiveStatus,DistinguishedName | Out-GridView -Title "Select Mailbox and GUID" -PassThru
# Get the target mailbox
$MergeMailboxTo = Get-Mailbox | Select Name,PrimarySmtpAddress,DistinguishedName | Out-GridView -Title "Select the mailbox to merge the deleted mailbox to" -PassThru
# Run the merge command
New-MailboxRestoreRequest -SourceMailbox $DeletedMailbox.DistinguishedName -TargetMailbox $MergeMailboxTo.PrimarySmtpAddress -AllowLegacyDNMismatch
# View the progress: grab the restore ID for the one you want progress on
$RestoreProgress = Get-MailboxRestoreRequest | Select Name,TargetMailbox,Status,RequestGuid | Out-GridView -Title "Restore Request List" -PassThru
# Get the progress in percent complete
Get-MailboxRestoreRequestStatistics -Identity $RestoreProgress.RequestGuid | Select Name,StatusDetail,TargetAlias,PercentComplete
ExRemoved-<guid>@tenant.onmicrosoft.com
If you remove a user with an Exchange Mailbox from the Exchange Admin Center, the user account is renamed to ExRemoved-<guid>@tenant.onmicrosoft.com.
To restore this account to its pre-deleted state, you must restore it from Windows PowerShell, using the Restore-MsolUser cmdlet with the NewUserPrincipalName parameter (specifying the original UserPrincipalName as its argument), or reset the UserPrincipalName after the restore has completed.
Restore-MsolUser -UserPrincipalName alias@tenant.onmicrosoft.com
To get the original address you can use:
Get-Mailbox -SoftDeletedMailbox | Select DisplayName, PrimarySmtpAddress
If this fails, click Restore under Users > Deleted Users in the Office 365 Admin Console.
Then reset the UPN:
Set-MsolUserPrincipalName -UserPrincipalName ExRemoved-<guid>@tenant.onmicrosoft.com -NewUserPrincipalName user@domain.com
If they are Federated, you will have to use:
Set-MsolUserPrincipalName -UserPrincipalName ExRemoved-<guid>@tenant.onmicrosoft.com -NewUserPrincipalName user@tenant.onmicrosoft.com
Then under Active Users, you can edit the Display Name, UPN Suffix, etc.
Permanently Removing Deleted Users
If you have inadvertently created a number of MsolUsers in the process of Mailbox recovery, Deleted Users may become cluttered and you may not necessarily be able to restore/delete the correct users.
Get-MsolUser -ReturnDeletedUsers
Remove-MsolUser -UserPrincipalName user@domain.com -RemoveFromRecycleBin
If there are duplicates, it will return an error.
The alternative here is to use the ObjectId of the MsolUser:
Get-MsolUser -ReturnDeletedUsers | Select UserPrincipalName, ObjectId
Remove-MsolUser -ObjectId <ObjectId> -RemoveFromRecycleBin
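An added example (not from the original post) that goes a step beyond the two commands above: it reports which deleted users share a UPN, and purges a single entry by ObjectId only after checking that the ObjectId still carries the UPN you expect. The function names and sample records are constructed for illustration; it assumes the MSOnline module is loaded and Connect-MsolService has been run.

```powershell
# Added example, not from the original post; function names are hypothetical.
# Assumes the MSOnline module is loaded and Connect-MsolService has been run.

function Get-DuplicateDeletedUser {
    # Deleted users whose UPN occurs more than once in the recycle bin.
    param([object[]]$DeletedUser = (Get-MsolUser -ReturnDeletedUsers -All))
    $DeletedUser | Group-Object UserPrincipalName | Where-Object Count -gt 1 |
        ForEach-Object { $_.Group } |
        Sort-Object UserPrincipalName, SoftDeletionTimestamp |
        Select-Object UserPrincipalName, ObjectId, DisplayName, SoftDeletionTimestamp
}

function Remove-DeletedUserById {
    # Purges one recycle-bin entry by ObjectId, but only if it carries the expected UPN.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][guid]$ObjectId,
        [Parameter(Mandatory)][string]$ExpectedUpn
    )
    $user = Get-MsolUser -ReturnDeletedUsers -All | Where-Object ObjectId -eq $ObjectId
    if (-not $user) { throw "$ObjectId is not in Deleted Users." }
    if ($user.UserPrincipalName -ne $ExpectedUpn) {
        throw "$ObjectId belongs to $($user.UserPrincipalName), not $ExpectedUpn."
    }
    if ($PSCmdlet.ShouldProcess("$ExpectedUpn [$ObjectId]", 'Permanently delete')) {
        Remove-MsolUser -ObjectId $ObjectId -RemoveFromRecycleBin -Force
        # Emit a record of what was purged, for the change log.
        [pscustomobject]@{ Purged = $ExpectedUpn; ObjectId = $ObjectId; At = Get-Date }
    }
}

# Constructed sample records (not tenant data) so the report can be tried offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'user@domain.com'; DisplayName = 'User (attempt 1)'
        ObjectId = [guid]'11111111-1111-1111-1111-111111111111'
        SoftDeletionTimestamp = [datetime]'2020-01-05' }
    [pscustomobject]@{ UserPrincipalName = 'user@domain.com'; DisplayName = 'User (attempt 2)'
        ObjectId = [guid]'22222222-2222-2222-2222-222222222222'
        SoftDeletionTimestamp = [datetime]'2020-01-07' }
    [pscustomobject]@{ UserPrincipalName = 'other@domain.com'; DisplayName = 'Other'
        ObjectId = [guid]'33333333-3333-3333-3333-333333333333'
        SoftDeletionTimestamp = [datetime]'2020-01-06' }
)
Get-DuplicateDeletedUser -DeletedUser $sample | Format-Table -AutoSize

# Against the tenant: review the report, then dry-run the purge of the entry you picked.
# Get-DuplicateDeletedUser
# Remove-DeletedUserById -ObjectId <ObjectId> -ExpectedUpn user@domain.com -WhatIf
```

With the sample records, the report lists only the two user@domain.com entries, oldest deletion first; drop -WhatIf once the dry run names the entry you intend to purge.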
Restore “Accidental” deletion of synced ADuser
Veeam Method
From the Domain Controller VM in the backup job, select Restore Active Directory Object and restore to the original location. You may need to restore the backup file from tape.
ADRestore method
ADRestore.exe -r <Name>
Ensure the AD user is in the correct synced OU and its aliases are unique, then run an AD Sync.
The O365 user will re-appear in Active Users, and the Mailbox will eventually return to Exchange Online, depending on its size.
Personally I prefer this method.
Featured Image courtesy of zionumcwhitehouse.org
