Restore user mailboxes (mailbox recovery) in Exchange Online
What does this guided walkthrough do?
This guided walkthrough is intended to provide the best possible way to recover a user and mailbox in Exchange Online.
Who is it for?
A Tenant Administrator who is comfortable executing PowerShell cmdlets.
How does it work?
We are going to ask you some specific questions to scope your situation. Then we’ll take you through a series of steps tailored to your scenario.
Estimated time of completion:
30-45 minutes.
Select the current state of the On-Premises user account
Azure Active Directory User Account Status
- Install Azure AD Module
- Open the Microsoft Online Services Module (shortcut from the desktop)
- Run: $cred=Get-Credential
  Note: When prompted for credentials, type your Office 365 administration account credentials.
- Run: Connect-MsolService -Credential $cred
  This cmdlet connects you to Office 365.
- Run: Get-MSOLUser -UserPrincipalName <UPN>
  Example: UserPrincipalName: user@contoso.com
  If the user information is returned, the user is PRESENT. If the user information is not returned, please proceed to step #6.
- Run: Get-MSOLUser -UserPrincipalName <UPN> -ReturnDeletedUsers | Select-Object
  If the user information is returned, the user is SOFT DELETED.
- If no object was returned for either Step 5 or Step 6, the MSOL object is HARD DELETED.
Exchange Online Mailbox Status
- Click Start -> All Programs -> Accessories -> Windows PowerShell -> Windows PowerShell
- Type $Cred = Get-Credential
  Note: When prompted for credentials, type your Office 365 administration account credentials.
- Type $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
- Type Import-PSSession $Session
- Run: Get-Mailbox -Identity <user Alias>
  If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step “6”.
- Run: Get-Mailbox -SoftDeletedMailbox -Identity <user Alias>
  If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step “7”.
- If nothing is returned from steps 5 & 6 above, select the MAILBOX NOT PRESENT option.
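The two status checks above, combined into one read-only triage function; this is an added example, not part of the original walkthrough. Get-RecoveryState is a hypothetical helper name, and it assumes Connect-MsolService and the imported Exchange Online session from the steps above are already in place. It also reports whether the account's ObjectId matches the mailbox's ExternalDirectoryObjectID, the comparison several of the later scenarios make before restoring anything.

```powershell
# Added example, not from the original walkthrough.
# Get-RecoveryState is a hypothetical helper name. It only reads state and
# changes nothing in the tenant.
function Get-RecoveryState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # Azure AD account: look for an active user first, then a deleted one.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    $userState = 'PRESENT'
    if (-not $user) {
        $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ReturnDeletedUsers -ErrorAction SilentlyContinue
        $userState = if ($user) { 'SOFT DELETED' } else { 'HARD DELETED' }
    }

    # Mailbox: active first, then soft deleted. More than one soft-deleted
    # mailbox may be returned for an identity, so keep every result.
    $mailboxes = @(Get-Mailbox -Identity $UserPrincipalName -ErrorAction SilentlyContinue)
    $mailboxState = 'MAILBOX PRESENT'
    if ($mailboxes.Count -eq 0) {
        $mailboxes = @(Get-Mailbox -SoftDeletedMailbox -Identity $UserPrincipalName -ErrorAction SilentlyContinue)
        $mailboxState = if ($mailboxes.Count -gt 0) { 'MAILBOX SOFT DELETED' } else { 'MAILBOX NOT PRESENT' }
    }

    # Compare the account's ObjectId with the mailbox's ExternalDirectoryObjectID.
    # Left as $null when there is no account or not exactly one mailbox to compare.
    $idsMatch = $null
    if ($user -and $mailboxes.Count -eq 1) {
        $idsMatch = ([string]$user.ObjectId -eq [string]$mailboxes[0].ExternalDirectoryObjectId)
    }

    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        AzureADUser       = $userState
        Mailbox           = $mailboxState
        MailboxCount      = $mailboxes.Count
        ObjectIdsMatch    = $idsMatch
    }
}

# Usage: Get-RecoveryState -UserPrincipalName 'user@contoso.com'
```

A MailboxCount above 1, or ObjectIdsMatch equal to False, corresponds to the cases where the scenarios below say to contact support rather than restore.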
AD User Account Deleted, Online Account Present, Online Mailbox Present
Contact Microsoft Support
AD User Account Deleted, Azure AD Account Present, Online Mailbox not present
Contact Microsoft Support
AD Account Deleted, Azure AD Account Present (Soft deleted), Online Mailbox Soft Deleted
Restore the AD user and run directory synchronization, which will “soft match” the AD user object and the Azure AD object, including reconnecting the “soft deleted” mailbox.
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell
- Restore the on-premises AD user
- Run a Delta Directory Sync
- Apply a new Exchange Online license to the newly created Azure AD object
- Use the New-MailboxRestoreRequest to merge the content of the “soft deleted” mailbox to the active mailbox. See an example in the screen capture below:
AD User Account Deleted, Azure AD Account Hard Deleted, Online Mailbox Present
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell
- Attempt to delete the mailbox by using the Remove-Mailbox cmdlet on the affected mailbox. Example: From the Exchange Online PowerShell, run: Remove-Mailbox
- If step 2 fails, skip to step 8
- Restore the on-premises AD User
- Run a Delta Directory Sync
- Apply a new Exchange Online license to the newly created Azure AD object
- Use the New-MailboxRestoreRequest to merge the content of the soft deleted mailbox to the active mailbox. See an example in the screen capture below:
AD User Account Deleted, Azure AD Account Hard Deleted, Online Mailbox Not present
AD User Account Deleted, Azure AD Account Hard Deleted, Online Mailbox Soft Deleted
Solution:
Restore Inactive mailbox and perform a “soft match”
Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell
Connect the Soft Deleted Mailbox to a new Azure AD Account with the steps below:
- If the tenant IS NOT using SSO (Single Sign-On), run the cmdlet:
  New-Mailbox -Name "UserName" -InactiveMailbox "<identity of the inactive mailbox>" -MicrosoftOnlineServicesID UserName@contoso.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
- If the tenant IS using ADFS (Identity Federation), run the cmdlet:
  New-Mailbox -Name "UserName" -InactiveMailbox "<identity of the inactive mailbox>" -MicrosoftOnlineServicesID UserName@contoso.onmicrosoft.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
Restore or create a new On-premises AD user. Ensure that the on-premises account’s Primary SMTP Address matches the Primary SMTP Address of the Office 365 object. Change the on-premises object’s address to match if it does not.
Using Azure Active Directory Connect to run a Directory synchronization will “soft match” the On-Premises account with the new Azure AD account.
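The inactive-mailbox restore above with the temporary password kept out of the command line and shell history, and with the target mailbox verified first; this is an added example, not part of the original walkthrough. Restore-InactiveMailboxGuarded is a hypothetical helper name, and it assumes the Exchange Online session from the earlier steps is already imported.

```powershell
# Added example, not from the original walkthrough.
# Restore-InactiveMailboxGuarded is a hypothetical helper name.
function Restore-InactiveMailboxGuarded {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # UPN or alias the mailbox had before deletion
        [Parameter(Mandatory)] [string] $Identity,
        # Sign-in ID for the new account: the contoso.com form, or the
        # contoso.onmicrosoft.com form for a federated tenant, as in the steps above
        [Parameter(Mandatory)] [string] $MicrosoftOnlineServicesID,
        # Prompted for with masked input when not supplied
        [securestring] $Password
    )

    # Refuse to guess when the identity resolves to zero or several mailboxes.
    $found = @(Get-Mailbox -SoftDeletedMailbox -Identity $Identity -ErrorAction SilentlyContinue)
    if ($found.Count -ne 1) {
        throw "Expected exactly one soft-deleted mailbox for '$Identity', found $($found.Count)."
    }
    $mbx = $found[0]

    # New-Mailbox -InactiveMailbox is the path for inactive mailboxes only.
    if (-not $mbx.IsInactiveMailbox) {
        throw "'$Identity' is soft deleted but IsInactiveMailbox is not True."
    }

    # Read the password as a SecureString instead of typing it as a literal.
    if (-not $Password) {
        $Password = Read-Host -AsSecureString -Prompt "Temporary password for $MicrosoftOnlineServicesID"
    }

    # -WhatIf shows the restore that would run without performing it.
    if ($PSCmdlet.ShouldProcess("$($mbx.ExchangeGuid)", 'Restore inactive mailbox to a new account')) {
        New-Mailbox -Name $mbx.Name `
            -InactiveMailbox "$($mbx.ExchangeGuid)" `
            -MicrosoftOnlineServicesID $MicrosoftOnlineServicesID `
            -Password $Password `
            -ResetPasswordOnNextLogon $true
    }
}

# Usage: Restore-InactiveMailboxGuarded -Identity 'UserName@contoso.com' `
#            -MicrosoftOnlineServicesID 'UserName@contoso.com' -WhatIf
```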
AD User Account Deleted, Azure AD Account Soft Deleted, Online Mailbox Present
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell
- Run: Get-msoluser -returndeletedusers -userprincipalname user@contoso.com |Select-Object ObjectID
- Run: Get-mailbox user@contoso.com |Select-Object ExternalDirectoryObjectID, UserPrincipalName
  • If the Object IDs from steps 2 and 3 match, continue to step 4
  • If the Object IDs from steps 2 and 3 do not match, please call support
- Create a new On-premises AD user and ensure that the on-premises account’s Primary SMTP Address matches the Primary SMTP Address of the Office 365 object.
- Ensure the UPN of the AD user object matches what was returned in step 3
- Wait three hours for the account to replicate to the Online services
- If the Mailbox did not reconnect please call Microsoft Support
AD User Account Deleted, Azure AD Account Soft Deleted, Online Mailbox Not Present
AD Account Deleted, Online Account Soft Deleted, Online Mailbox Soft Deleted
- Restore or create a new On-premises AD user and ensure that the on-premises account’s Primary SMTP Address matches the Primary SMTP Address of the Office 365 object.
- Ensure the UPN for the AD user object is the same as it was before the deletion
- Wait three hours for the account to replicate to the Online services
- If the Mailbox did not reconnect please call Microsoft Support
Azure AD Account Present, Exchange Online Mailbox Present
Azure AD Account Present, Exchange Online Mailbox Soft Deleted
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell
- Run: Get-Mailbox -Softdeletedmailbox user@contoso.com |Select-Object ExternalDirectoryObjectID
- Run: Get-MsolUser -ObjectID <ExternalDirectoryObjectID from step 2>
- Check if the ExternalDirectoryObjectID values from step 2 and step 3 match.
- If they do, soft-delete the Azure AD user by running Remove-MsolUser -UserPrincipalName user@contoso.com
- After 5 minutes, restore the Azure AD user using the steps below:
  - Run: $DelUser = Get-MsolUser -UserPrincipalName FSlattery@contoso.com -ReturnDeletedUsers
  - Run: Restore-MsolUser -ObjectId $DelUser.ObjectId
- If the ExternalDirectoryObjectID values from step 2 and step 3 do not match, it means there is a duplicate Azure AD user. Please contact support.
Azure AD Account Present, Exchange Online Mailbox Not present (Purged)
- Log in to the Office 365 portal at http://portal.office.com and check the user’s license status
- Check to see if the user has a valid license. If user doesn’t have a valid license, apply an Exchange Online License.
- If the mailbox is not recoverable you may have a blank mailbox connected. While it is unlikely that we can recover your data you can call into support.
Azure AD Account Soft Deleted, Exchange Online Mailbox Present
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell
- Run: get-mailbox -identity User@contoso.com |Select-Object ExternalDirectoryObjectID
- Run: get-msoluser -objectID <specify ExternalDirectoryObjectID from step 2> -returnDeletedUsers |select-object
- Confirm that the MSOLUser is returned from step 3, then restore the deleted MSOL user back to an Active user using the steps below:
  - Run: $DelUser = Get-MsolUser -UserPrincipalName User@contoso.com -ReturnDeletedUsers
  - Run: Restore-MsolUser -ObjectId $DelUser.ObjectId
- Login to the mailbox using the UserPrincipalName and verify you are able to access the mailbox.
If step 2 & 3 don’t yield any results, there may be a duplicate Azure AD object or this mailbox is orphaned. Contact support to resolve the issue.
Online Account Soft Deleted, Online Mailbox Soft Deleted
- Using the on-premises Active Directory Users and Computers, move the user to an Organizational Unit that is not filtered in directory synchronization. To determine the type of filtering setup in your organization, follow this article
- Force delta synchronization
- After synchronization is complete, confirm that the user is present in Azure AD (through O365 admin center ->Active users). The mailbox will get re-connected to the Azure AD user automatically.
Online Account Soft Deleted, Online Mailbox is not present (Purged)
- Connect to Azure AD PowerShell
- Check License on the object using:
  get-msoluser -userprincipalname user@contoso.com |Select-object Licenses
- If license property doesn’t hold any value, the mailbox is not recoverable.
- Using the on-premises Active Directory Users and Computers, move the user to an Organizational Unit that is not filtered in directory synchronization.
  To determine the type of filtering setup in your organization, follow this article
- Run a Delta Directory synchronization
- Once Azure AD user (MSOL User) has been restored, apply a license to provision new mailbox
Azure AD Account Hard Deleted, Online Mailbox Present
Azure AD Account Hard Deleted, Exchange Online Mailbox Soft Deleted
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell
- Next, determine the state of the soft-deleted mailbox.
  Run: Get-Mailbox -SoftDeletedMailbox -Identity "<UserPrincipalName of the user>" | Select-Object IsInactiveMailbox
- Based on the value of IsInactiveMailbox, take the appropriate steps:
  If IsInactiveMailbox is True:
- Run: Get-Mailbox "<UserPrincipalName of the user>" -SoftDeletedMailbox | Select Name, DisplayName, MicrosoftOnlineServicesID, ExchangeGuid
- Run: New-Mailbox -Name "<Name from Step 2>" -InactiveMailbox "<ExchangeGuid from Step 2>" -MicrosoftOnlineServicesID "<MicrosoftOnlineServicesID from Step 2>" -Password (ConvertTo-SecureString -String 'Pa##w0rd goes here' -AsPlainText -Force)
- Using the on-premises Active Directory Users and Computers, move the user to an Organizational Unit that is not filtered in directory synchronization.
  To determine the type of filtering setup in your organization, follow this article. The Azure Active Directory user will soft-match to the on-premises Active Directory user.
- Run: Undo-SoftDeletedMailbox user@contoso.com -WindowsLiveID user@contoso.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
- Connect to Azure AD PowerShell
- Run: get-msoluser -userprincipalname user@contoso.com
- Once you verified that the MSOLUser is returned in the previous step force a delta sync from on-premises Active Directory. It will soft-match to the user in Azure Active Directory.
Azure AD account Hard Deleted, Exchange Online Mailbox not present (Purged)
- Force a delta synchronization to sync the on-premises Active Directory user to Azure Active Directory
- If in an Exchange Hybrid environment
  - Provision an Exchange Online mailbox for the user
    Enable-RemoteMailbox "Kim Akers" -RemoteRoutingAddress "kima@contoso.mail.onmicrosoft.com"
  - Assign an Exchange Online license to the user through the Office 365 portal.
- If not in an Exchange Hybrid environment, simply assign the Exchange Online License for the user
Online Account Present, Online Mailbox Present
Online Account Present, Online Mailbox Soft-Deleted
- Login to Exchange Online Remote PowerShell
- Recover the soft-deleted mailbox using the command below.
  Run: Undo-SoftDeletedMailbox user@contoso.com -WindowsLiveID user@contoso.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
  Reference: https://technet.microsoft.com/en-us/library/jj200770(v=exchg.160).aspx
- Log in to the Office 365 portal and check the user’s license status. If the user doesn’t have a valid license, please apply the Exchange Online license.
Azure AD Account Present, Online Mailbox Not Present
- Login to the Office 365 portal as the tenant Administrator
- Assign the Exchange Online License for the user.
Azure AD Account soft-deleted, Online Mailbox Present
Azure AD account soft-deleted, Exchange Online Mailbox not present
- Log in to Office 365 portal.
- Create a new user account for the affected user
- Assign the Exchange Online License for the user.
Any old data will not be present in this new mailbox.
Azure AD Account soft-deleted, Exchange Online Mailbox Soft Deleted
- Connect to Azure AD PowerShell.
- Restore the Azure AD user using the steps below:
  - Run: $DelUser = Get-MsolUser -UserPrincipalName FSlattery@contoso.com -ReturnDeletedUsers
  - Run: Restore-MsolUser -ObjectId $DelUser.ObjectId
- Log into Office 365 portal and assign the Exchange Online License for the user.
Azure AD Account Hard Deleted, Online Mailbox Present
Online Account Hard Deleted, Online Mailbox soft-deleted
- Connect to Exchange Online remote PowerShell
- We need to determine the state of the soft-deleted mailbox.
  Run: Get-Mailbox -SoftDeletedMailbox -Identity "<UserPrincipalName of the user>" | Select-Object IsInactiveMailbox
- Based on the value of IsInactiveMailbox, take the appropriate steps:
  If IsInactiveMailbox is True:
- Run: Get-Mailbox "<UserPrincipalName of the user>" -SoftDeletedMailbox | Select Name, DisplayName, MicrosoftOnlineServicesID, ExchangeGuid
- Run: New-Mailbox -Name "<Name from Step 2>" -InactiveMailbox "<ExchangeGuid from Step 2>" -MicrosoftOnlineServicesID "<MicrosoftOnlineServicesID from Step 2>" -Password (ConvertTo-SecureString -String 'Pa##w0rd goes here' -AsPlainText -Force)
- Run: Undo-SoftDeletedMailbox user@contoso.com -WindowsLiveID user@contoso.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
- Connect to Azure AD PowerShell
- Run: get-msoluser -userprincipalname user@contoso.com
- Log into Office 365 portal and assign the Exchange Online License for the user.
Online Account hard deleted, Online Mailbox Not Present
- Log in to Office 365 portal.
- Create a new user account for the affected user
- Assign the Exchange Online License for the user.
Any old data will not be present in this new mailbox
Congratulations! Your scenario is complete.