Company News

Recreate a Deleted User in AD and Sync to Office365

March 25, 2016

Scenario

You have Directory Synchronization configured in your domain and, on occasion, you need to delete a synced user in AD and then recreate the account.

Here are the steps required to get the recreated AD account to synchronize successfully to Office 365 again.


Step 1

Delete the user account from AD and perform a sync so that the user is also removed from O365. The cloud account will move to the Deleted Users area in O365.


Step 2

In Office 365 restore the user from the “Deleted Users” area. After it has been restored the user will show up as “In cloud” rather than “Synced with Active Directory”.


Step 3

Recreate the account in AD. Ensure that you have filled in the E-mail field and the proxyAddresses entry for the primary mail address (the SMTP: entry in upper case) via the user object properties, Attribute Editor tab.


Now for the nifty part: hard matching using the AD user's objectGUID.


Step 4

Open the AD user object properties, Attribute Editor tab. Find distinguishedName and copy its value, then export the object with ldifde, using that DN as the search base:

ldifde -d "CN=Someone,OU=Users,DC=someplace,DC=com" -f c:\User.txt


Step 5

Open the text file you created in Step 4 and copy the user's objectGUID value, e.g. 5WyOPyLejk2wiSyVaLQSGw== (ldifde writes it Base64-encoded after "objectGUID::", which is exactly the form the cloud ImmutableId uses).


Step 6

Open PowerShell, connect to Office 365 (MSOnline) and update the cloud user's ImmutableId with the objectGUID of the AD domain user you copied in Step 5:

Set-MsolUser -UserPrincipalName someone@someplace.com -ImmutableId "5WyOPyLejk2wiSyVaLQSGw=="


Step 7

In PowerShell check that the new ImmutableId has been applied:

Get-MsolUser -UserPrincipalName someone@someplace.com | FT Name,ImmutableId


Step 8

Run a synchronization and confirm it completes successfully. The cloud user will again show as “Synced with Active Directory”.
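Steps 4 to 7 can be done in one script that derives the ImmutableId directly from the AD objectGUID instead of reading it out of an ldifde export, checks the Step 3 mail attributes first, and verifies the result. This is an added example, not the post's own script; it assumes the RSAT ActiveDirectory and MSOnline modules are installed, Connect-MsolService has already been run, and $SamAccountName / $Upn are placeholders for your user.

```powershell
param(
    [Parameter(Mandatory)] [string]$SamAccountName,   # on-prem AD user, e.g. someone
    [Parameter(Mandatory)] [string]$Upn               # cloud UPN, e.g. someone@someplace.com
)
Import-Module ActiveDirectory
Import-Module MSOnline   # assumes Connect-MsolService has already been run

# Get-ADUser returns objectGUID as a [guid]. The ImmutableId is the Base64 of the
# GUID's 16 raw bytes, which is the same value ldifde writes after "objectGUID::".
$adUser = Get-ADUser -Identity $SamAccountName -Properties mail, proxyAddresses
$expectedId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

# Step 3 prerequisites: mail and an upper-case SMTP: primary proxy address must be set,
# otherwise the sync will not soft-match the object even after the hard match.
if (-not $adUser.mail) {
    throw "AD user $SamAccountName has no mail attribute set (see Step 3)."
}
if (-not ($adUser.proxyAddresses -cmatch '^SMTP:')) {
    throw "AD user $SamAccountName has no primary SMTP: proxy address (see Step 3)."
}

$cloudUser = Get-MsolUser -UserPrincipalName $Upn
if ($cloudUser.ImmutableId -eq $expectedId) {
    Write-Output "ImmutableId already matches ($expectedId); nothing to do."
    return
}
Write-Output "Current ImmutableId : $($cloudUser.ImmutableId)"
Write-Output "Expected ImmutableId: $expectedId"

# Step 6: apply the hard match
Set-MsolUser -UserPrincipalName $Upn -ImmutableId $expectedId

# Step 7: read it back rather than trusting the cmdlet's silent return
$verify = Get-MsolUser -UserPrincipalName $Upn
if ($verify.ImmutableId -ne $expectedId) {
    throw "ImmutableId was not applied to $Upn."
}
Write-Output "ImmutableId set on $Upn. Run a sync (Step 8) and confirm the user shows as synced with Active Directory."
```

If Set-MsolUser fails with the FederatedUser.SourceAnchor error, the UPN is on a federated domain; switch it to the onmicrosoft.com suffix first, as one of the comments below describes.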

20 Responses

  1. infraVirt says:

    Hi Stephanie,
    Many thanks, works like a charm
    D 🙂

  2. Sandra says:

    Hi,
    This is a very informative blog. Thanks for such a lovely post.

    I also found another post that is on the same topic. Please follow the link below to know more about the restoration of deleted users in Office 365.

    Restore a User in Office 365

  3. Anonymous says:

    Stephanie,

    After searching for hours on Microsoft library documentation and trying different methods, I couldn’t find a solution. Thankfully, I found your documentation, very well explained, which actually helped me to fix my problem.

    Thank you.

  4. Beth K says:

    A thousand thank yous! This helped me fix a huge problem!

  5. Chris Baker says:

    Thank you so much Stephanie Kahlam you are a star

  6. Todd says:

    If you get the error below like I did:

    Set-MsolUser : You must provide a required property: Parameter name:
    FederatedUser.SourceAnchor

    To solve the issue:

    1. Connect PowerShell to Office 365.

    2. Change the user’s suffix to the default onmicrosoft.com by using the example below:

    Set-MsolUserPrincipalName -UserPrincipalName address@domain.com -NewUserPrincipalName address@domain.mail.onmicrosoft.com

    3. You can then use Set-MsolUser to modify the ImmutableId.

    4. After the changes are done, change the user’s suffix back to the custom domain by using the example below:

    Set-MsolUserPrincipalName -UserPrincipalName address@domain.mail.onmicrosoft.com -NewUserPrincipalName address@domain.com

    Cheers

  7. Ram says:

    Appreciate your time and effort for this post and steps. Thanks a ton.

  8. Lionel S. says:

    Thanks a lot Stephanie for this! It also worked for me.

  9. Whisley Santos says:

    I have no words to thank you. You just saved my ass haha
    All the best and thank you so much.

  10. Henrique says:

    Hi

    Thanks for the post. Here is a question for you:

    Will this work if you recreate the account on a different domain other than the original where it was created?

    Thanks

  11. Hasan says:

    Hi,
    So my environment is like:
    1. Create master account in AD
    2. Create mailbox and linked it to master account
    3. Migrate it

    So when I delete the resource account, the master account remains there. I tried this suggestion; the user is showing as synced with AD in the cloud, but on-prem, after re-creating that mailbox, it is still showing as LINKED. Any idea how to handle it in such an environment?

  12. Steve Drake says:

    Very useful info. I needed to do this for a different reason and I had a bogus user in my recycle bin.

  13. Steven Powell says:

    You just saved me a whole bunch of heartache. Worked perfectly

  14. James says:

    Thank you! I was searching for a long time and finally came across this. It did the trick perfectly.

  15. Bob Puts says:

    Thanks a lot. It solved my problem.

  16. Mustafa yar Khan says:

    Awesome explanation appreciate your hard work.

  17. anjay says:

    Still relevant! thanks!

  18. This worked perfectly, thank you!

    We have a 6-year-old tenant and recently went from cloud-only to adding an on-prem server with an AD. There were a few accounts which simply refused to sync, even though the proxy addresses and UPN were good.

    With this little push, AAD linked both together.

  19. Kevin says:

    Amazing. I looked everywhere and tried many things. This was spot on, easy to follow and best of all – WORKED !!!

    Thank you TONS!

Stephanie Kahlam