When a former employee rejoins an organization, one request our team receives regularly is also one of the more challenging: restore the cloud mailbox data for the rehired user.
Microsoft provides a web-based method for recovering mailboxes deleted less than 30 days prior. In most rehire scenarios, this option isn’t applicable because the return window is more than a month.
While there is no guarantee the data will be present for mailboxes deleted over 30 days prior, there are cases where the data is recoverable. If the mailbox was placed on litigation or any other type of hold, then it will be converted to an inactive mailbox once it exceeds the 30-day deleted mailbox recovery window and maintained according to the retention policy rules.
To determine if a mailbox is available for recovery, begin by checking the following locations.
Deleted users – Microsoft 365 admin center
This is the easiest method to restore mailboxes deleted less than 30 days prior. Open the tool from the Microsoft 365 Admin Center, expand Users, and then select Deleted Users:
Select the user to restore, then select the Restore user button at the bottom right to complete the process.
Inactive mailboxes – Microsoft 365 compliance
Per Microsoft's documentation, a mailbox becomes inactive when a Litigation Hold, retention policy, or other type of hold is applied to it and the corresponding Office 365 user account is then deleted. The contents of an inactive mailbox are retained for the duration of the hold or retention policy that was placed on the mailbox before it was made inactive. Access this tool from the Compliance admin center, under Data Lifecycle Management, Retention, and Inactive mailbox:
Inactive mailboxes cannot be reattached directly to a user account; recovering the data requires the PowerShell steps below. Microsoft offers two routes. Recovering the inactive mailbox (New-Mailbox -InactiveMailbox, the method used here) converts it into a new active mailbox, after which it no longer exists as an inactive mailbox. Restoring (New-MailboxRestoreRequest) copies its content into an existing mailbox and leaves the inactive mailbox and its hold in place. Recovery is the appropriate route for a rehire who needs their old mailbox back.
1. Move the rehired user's on-premises account to an OU that Azure AD Connect does not synchronize, then either force a sync or wait 30 minutes for the scheduled cycle to run. Taking the account out of sync scope soft-deletes the synced cloud user, which frees the way for a new cloud user to own the recovered mailbox.
2. Connect to Exchange Online PowerShell (Connect-ExchangeOnline) and list the inactive mailboxes:
   Get-Mailbox -InactiveMailboxOnly | Format-List Name,DistinguishedName,ExchangeGuid,PrimarySmtpAddress
3. Store the inactive mailbox in a variable, using an identity from the output above:
   $InactiveMailbox = Get-Mailbox -InactiveMailboxOnly -Identity <identity of inactive mailbox obtained above>
4. Create a new mailbox and recover the inactive mailbox's content into it:
   New-Mailbox -InactiveMailbox $InactiveMailbox.DistinguishedName -Name UserName -FirstName KK -LastName User -DisplayName "KK User" -MicrosoftOnlineServicesID KKUser@yourdomain.com -Password (ConvertTo-SecureString -String 'P@ssw0rd' -AsPlainText -Force) -ResetPasswordOnNextLogon $true
   Change the account details to match your environment, and use a strong, randomly generated temporary password rather than the placeholder shown; the user is forced to change it at first logon.
5. A new mailbox now exists with the restored data, linked to a new cloud-only user. To reconnect it to the on-premises AD account, log on to a domain controller and export the objectGUID of every user:
   ldifde -f export.txt -r "(userPrincipalName=*)" -l "objectGUID, userPrincipalName"
6. Open export.txt (written to the directory you ran the command from, typically %UserProfile%) in Notepad, search for the user in question, and copy the value on the objectGUID:: line. ldifde writes binary attributes as Base64, which is exactly the format Azure AD uses for ImmutableId, so the value can be used as-is. If your Azure AD Connect installation uses mS-DS-ConsistencyGuid as the source anchor and that attribute is already populated on the account, use its Base64 value instead of objectGUID.
7. From PowerShell, connect to Azure AD with the MSOnline module:
   Connect-MsolService
   (The MSOnline module is deprecated; the same property can be set with the Microsoft Graph PowerShell cmdlet Update-MgUser via its -OnPremisesImmutableId parameter.)
8. Set the ImmutableId of the cloud user to the Base64 objectGUID copied in step 6:
   Set-MsolUser -UserPrincipalName KKUser@yourdomain.com -ImmutableId <objectGUID from step 6>
9. Delete the duplicate account in the cloud (replace yourdomain.mail.onmicrosoft.com with your tenant's domain). Before removing it, confirm with Get-MsolUser -UserPrincipalName that this object is the duplicate and not the account that holds the recovered mailbox:
   Remove-MsolUser -UserPrincipalName KKUser@yourdomain.mail.onmicrosoft.com -Force
10. Remove the soft-deleted user object from the recycle bin. Filter on the user's UPN: piping Get-MsolUser -ReturnDeletedUser -All straight into Remove-MsolUser permanently purges every soft-deleted user in the tenant, not just this one.
   Get-MsolUser -ReturnDeletedUser -All | Where-Object { $_.UserPrincipalName -like 'KKUser@*' } | Remove-MsolUser -RemoveFromRecycleBin -Force
11. Move the user account back to a synchronized OU and force Azure AD synchronization. Azure AD Connect hard-matches the on-premises account to the cloud user through the ImmutableId set in step 8.
12. Have the user verify they can log in to their cloud mailbox with their on-premises AD credentials, and reset their password as necessary.
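Putting the procedure together, the following is an added example script, not code from the original Kraft Kennedy post. It runs the cloud-side steps end to end: it recovers the inactive mailbox with a randomly generated temporary password, derives the ImmutableId directly from the on-premises account instead of reading it out of an ldifde export, verifies the match by decoding the stored value back to a GUID, and purges only the one user's soft-deleted object. It assumes the ExchangeOnlineManagement, MSOnline and ActiveDirectory (RSAT) modules are installed, that the inactive mailbox is identified by its former primary SMTP address, that the soft-deleted object shares the user's alias, and that the OU move and sync (steps 1 and 11) and the duplicate check (step 9) are done by hand around it. The parameter names and the ConvertTo-ImmutableId, ConvertFrom-ImmutableId and New-TemporaryPassword helpers are this example's own.

```powershell
<#
  Added example, not code from the original post.
  Recovers an inactive Exchange Online mailbox into a new cloud user and
  hard-matches that user to the rehired on-premises AD account.
  Run steps 1 and 11 of the procedure (OU move, sync) around this script.
  Assumes the ExchangeOnlineManagement, MSOnline and ActiveDirectory modules.
#>
param(
    [Parameter(Mandatory)] [string] $InactiveSmtp,  # former primary SMTP of the inactive mailbox
    [Parameter(Mandatory)] [string] $OnPremSam,     # sAMAccountName of the rehired on-prem account
    [Parameter(Mandatory)] [string] $NewUpn,        # UPN for the recovered cloud user
    [Parameter(Mandatory)] [string] $FirstName,
    [Parameter(Mandatory)] [string] $LastName
)

# ImmutableId is the Base64 encoding of the 16 source-anchor bytes (objectGUID, or
# mS-DS-ConsistencyGuid where Azure AD Connect uses it). It is the same string that
# ldifde prints on an 'objectGUID::' line, so both routes yield identical values.
function ConvertTo-ImmutableId([byte[]] $AnchorBytes) {
    if ($AnchorBytes.Length -ne 16) { throw "Source anchor must be 16 bytes, got $($AnchorBytes.Length)" }
    return [Convert]::ToBase64String($AnchorBytes)
}
function ConvertFrom-ImmutableId([string] $ImmutableId) {
    return [guid]::new([byte[]][Convert]::FromBase64String($ImmutableId))
}

# Random temporary password; the fixed suffix guarantees the character classes Azure AD requires.
function New-TemporaryPassword {
    $bytes = New-Object byte[] 18
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes) + 'Aa1!') -AsPlainText -Force
}

# Read the source anchor from on-prem AD, preferring mS-DS-ConsistencyGuid when populated.
$adUser = Get-ADUser -Identity $OnPremSam -Properties objectGUID, 'mS-DS-ConsistencyGuid'
$anchorBytes = if ($adUser.'mS-DS-ConsistencyGuid') {
    [byte[]] $adUser.'mS-DS-ConsistencyGuid'
} else {
    $adUser.ObjectGUID.ToByteArray()
}
$immutableId = ConvertTo-ImmutableId $anchorBytes
Write-Host "On-prem anchor for $OnPremSam : $immutableId"

# Steps 2-4: locate the inactive mailbox and recover it into a new cloud mailbox.
Connect-ExchangeOnline
$inactive = Get-Mailbox -InactiveMailboxOnly -Identity $InactiveSmtp -ErrorAction Stop
Write-Host "Recovering $($inactive.DistinguishedName) (ExchangeGuid $($inactive.ExchangeGuid))"
$displayName = "$FirstName $LastName"
New-Mailbox -InactiveMailbox $inactive.DistinguishedName -Name $displayName `
    -FirstName $FirstName -LastName $LastName -DisplayName $displayName `
    -MicrosoftOnlineServicesID $NewUpn -Password (New-TemporaryPassword) `
    -ResetPasswordOnNextLogon $true | Out-Null

# Steps 7-8: stamp the ImmutableId on the new cloud-only user.
Connect-MsolService
Set-MsolUser -UserPrincipalName $NewUpn -ImmutableId $immutableId

# Verify by decoding the stored value back to a GUID and comparing it with AD.
$cloudUser    = Get-MsolUser -UserPrincipalName $NewUpn
$storedGuid   = ConvertFrom-ImmutableId $cloudUser.ImmutableId
$expectedGuid = [guid]::new($anchorBytes)
if ($storedGuid -ne $expectedGuid) {
    throw "ImmutableId mismatch on $NewUpn : cloud $storedGuid vs on-prem $expectedGuid"
}

# Step 10: purge only this user's soft-deleted object(s). Never pipe the whole
# recycle bin into Remove-MsolUser; that permanently deletes every deleted user.
$alias = $NewUpn.Split('@')[0]
$stale = Get-MsolUser -ReturnDeletedUser -All | Where-Object { $_.UserPrincipalName -like "$alias@*" }
foreach ($u in $stale) {
    Write-Host "Purging soft-deleted object $($u.UserPrincipalName) ($($u.ObjectId))"
    Remove-MsolUser -ObjectId $u.ObjectId -RemoveFromRecycleBin -Force
}
Write-Host "Done. Move $OnPremSam back to a synchronized OU and run a delta sync."
```

Run it from a workstation that can reach both a domain controller and the Microsoft 365 endpoints, for example `.\Recover-InactiveMailbox.ps1 -InactiveSmtp kkuser@yourdomain.com -OnPremSam kkuser -NewUpn KKUser@yourdomain.com -FirstName KK -LastName User`. The round-trip check matters because Set-MsolUser accepts any string as an ImmutableId; a value that does not decode to the on-premises anchor would leave Azure AD Connect unable to hard-match and it would instead create a second, unlinked cloud user on the next sync.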
For assistance from the Kraft Kennedy team, please contact us.