Restoring an Azure AD user will update its attributes, link to manager, role assignments, group ownerships, group and unit memberships, and licenses.
Restore an Azure AD user
Before you restore, ensure the Azure AD service account that was used to create the connector is assigned the global admin role.
1. Locate the user in your connector.
2. Optional: If you want to restore an older version of the item, click the Snapshots Viewer icon, and then select an earlier snapshot. You will now be viewing data from that particular time.
3. Select ••• > Restore.
Tip: To preview the attributes and relationships and to compare them to older versions, select ••• > Object metadata. You can also restore directly from the previewer.
4. Click Yes to restore the user.
Note: To restore multiple users at time, select the items. In the toolbar, select Restore.
What happens when I restore a user
Restoring a user will restore its attributes and licenses, and reestablish the following relationships:
- Memberships - links to groups and admin units that the user is a member of
- Ownerships - links to groups that the user is an owner of
- Role assignments - links to roles that are assigned to this user
- Manager - the link to the user's manager
A relationship can be reestablished only if the linked object still exists in Azure AD.
If the user was deleted from Azure AD, metadata and relationships will be recreated. The user will receive a new object ID and new creation time.
This diagram shows the relationships that are restored:
- If the user was a member of a distribution group or mail-enabled security group, we cannot reestablish the links to these groups due to an API limitation. In this case, the restore job will be marked as incomplete, and these relationships will be skipped.
- Authentication methods are not restored.
Note: A user's group-inherited roles are not displayed in the UI, but they are backed up and restored.