Restoring an Entra ID group will update its attributes, links to members and owners, group and unit memberships, role assignments, and licenses.

Restore an Entra ID group

Before you restore, ensure the Entra ID service account that was used to create the connector is assigned the global admin role.

1. Locate the group in your connector.

2. Optional: If you want to restore an older version of the object, click the Snapshots Viewer icon, and then select an earlier snapshot. You will now be viewing data from that particular time.

3. Select ••• > Restore.

Tip: To preview the attributes and relationships and to compare them to older versions, select ••• > Object metadata. You can also restore directly from the previewer. 

4. Select whether to restore subobjects.
Subobjects can be member groups, member users, and group owners.

  • If you select Restore only this object, click Next.
  • If you select Also restore subobjects, click Next. Then select the restore method for the related items and click Next

5. Review the summary and select Restore.

Note: Groups can be restored in bulk, but the option to restore related items will be disabled. 

What happens when I restore a group

Restoring a group will restore its attributes and licenses, and reestablish the following relationships:

  • Members - links to users and groups that are members of this group
  • Memberships - links to groups and admin units that the group is a member of
  • Owners - links to users who are owners of this group
  • Role assignments - links to roles that are assigned to this group

A relationship can be reestablished only if the linked object still exists in Entra ID.

If the group has been deleted from Entra ID, metadata and relationships will be recreated. The group will receive a new object ID and new creation date.

This diagram shows the relationships that are restored:


 

Restoring dynamic groups

If you restore a dynamic group, we will restore the rule that determines members for this group. Microsoft will then add these members to the group.

Restore limitations

  • Distribution groups and mail-enabled security groups are not restored
  • Group photos are not restored 

Restoring a group together with subobjects

A group's subobjects are its member users, member groups, and group owners. 

Enabling subobjects restore will create missing subobjects. This means for each missing user and group we will restore attributes and relationships (and, if applicable, licenses). All recreated users and groups will receive new IDs.

Groups or users that exist in Entra ID but are not present in the snapshot will have their links to the group removed, but the objects themselves will not be deleted from Entra ID.

If you select create missing and update existing subobjects:

  • We will create users and groups that have been deleted. 
  • For each existing user, we will update its attributes, link to manager, role assignments, group ownerships, group and unit memberships, and licenses.
  • For each existing group, we will update its attributes, links to members and owners, group and unit memberships, role assignments, and licenses.

If you select only create missing subobjects:

  • We will create users and groups that have been deleted.
  • We will not update the attributes, relationships, licenses, and authentication methods of existing users and groups.

Note: We cannot reestablish deleted users' memberships to distribution and mail-enabled groups. In this case, the restore job will be marked as incomplete, and these relationships will be skipped.