Recreate a Deleted User in AD and Sync to Office365

Scenario

You have Directory Synchronization configured in your domain and on occasion you need to delete a synced user in AD then recreate the account.

Here are the steps required in order to enable successful synchronization of the recreated AD account to Office 365.

Step 1

Delete the user account from AD and perform a sync in order to also remove the user from O365. The cloud account will move to the Deleted users area in O365

Step 2

In Office365 restore the user from “Deleted Users” area. After it has been restored the user will show up as “in cloud” vs. “synced with Active Directory”

Step 3

Recreate the account in AD. Ensure that you have filled in the Email section and the Proxy Address for Primary mail account via user object properties and Attribute Editor tab.

Now for the nifty part…Hard Matching using the AD user ObjectGuid

Step 4

Open the AD user object properties and Attribute Editor tab. Search for Distinguished name and copy the path.

ldifde -d “CN=Someone,OU=Users,DC=someplace,DC=com” -f c:\User.txt

Step 5

Open the text file you created in Step 4 and copy the user’s ObjectGUID EG: 5WyOPyLejk2wiSyVaLQSGw==

Step 6

Open PowerShell and update the Cloud users ImmutableID with the ObjectGuid of the AD domain user you copied in Step 5

Set-MsolUser –UserPrincipalName [email protected] -ImmutableId “5WyOPyLejk2wiSyVaLQSGw==”

Step 7

In PowerShell check that the new ImmutableID has been applied

Get-MsolUser –UserPrincipalName [email protected] | FT name,ImmutableID

Step 8

Run a synchronization and confirm successful sync. The cloud user will again become “synced with Active Directory”

22 responses to “Recreate a Deleted User in AD and Sync to Office365”

infraVirt says:

August 17, 2016 at 2:09 pm

Hi Stephanie,
Many thanks, works like a charm
D 🙂
Sandra says:

October 8, 2016 at 10:27 am

Hi,
This is a very informative blog. Thanks for such a lovely post.

I also found another post that is on the same topic. Please follow the link below to know more about the restoration of deleted users in Office 365.

Restore a User in Office 365
Anonymous says:

October 11, 2016 at 10:16 pm

Stephanie,

After searching for hours on Microsoft library documentation and trying different methods, I couldn’t find a solution. Thankfully, I found your documentation, very well explained, which actually helped me to fix my problem.

Thank you.
Beth K says:

October 18, 2016 at 3:50 am

A thousand thank yous! This helped me fix a huge problem!
Chris Baker says:

November 21, 2016 at 1:36 pm

Thank you so much Stephanie Kahlam you are a star
Todd says:

November 24, 2016 at 12:12 pm

If you get the error below like I did:

Set-MsolUser : You must provide a required property: Parameter name:
FederatedUser.SourceAnchor

To solve the issue:

1, Connect PowerShell to Office 365.

2, Change the user’s suffix to the default onmicrosoft.com by using the example below:

Set-MsolUserPrincipalName -UserPrincipalName [email protected] -NewUserPrincipalName [email protected]

3, You can then use the Set-MsolUser to modify the ImmutableId.

4, After the changes are done, change the user’s suffix back to the custom domain by using the example below:

Set-MsolUserPrincipalName -UserPrincipalName [email protected] -NewUserPrincipalName [email protected]

Cheers
1. Rodney Aries says:
  
  October 29, 2021 at 12:38 am
  
  Todd, Thank you so much for these extra steps. It has saved delay in making a mailbox live once again after it was mistakenly marked for deletion.
  
  Also, thanks to Stephanie for this page and comments. 🙂
  
  Gratitude
Ram says:

December 4, 2016 at 7:05 am

Appreciate your time and effort for this post and steps. Thanks a ton.
Lionel S. says:

January 11, 2017 at 1:05 pm

Thanks a lot Stephanie for this! It also worked for me.
Whisley Santos says:

January 17, 2017 at 10:27 am

I have no words to thank you. You just saved my ass haha
All the best and thank you so much.
Henrique says:

April 20, 2017 at 2:56 am

Hi

Thanks for the post. Here is a question for you:

Will this work if you recreate the account on a different domain other than the original were it was created?

Thank
Hasan says:

June 23, 2017 at 2:09 pm

Hi,
So my environment is like:
1. Create master account in AD
2. Create mailbox and linked it to master account
3. Migrate it

So when i delete resource account, master account remains there. I tried this suggestion the user is showing synced with AD in cloud but on prem after re-creating that mailbox it is still showing as LINKED. Any idea how to handle it in such environment.
Steve Drake says:

October 24, 2017 at 12:59 pm

Very usefull info, I needed todo this for a different reason and I had a bogus user in my recycle bin.
Steven Powell says:

November 10, 2017 at 6:20 pm

You just saved me a whole bunch of heartache. Worked perfectly
James says:

May 18, 2018 at 4:27 pm

Thank you! I was searching for a long time and finally came across this. It did the trick perfectly.
Pingback: Using ADConnect in synchronizing Active Directory users to Office 365 users – Antyxsoft Wiki
Bob Puts says:

May 29, 2018 at 11:42 am

Thanks a lot. It solved my problem.
Mustafa yar Khan says:

August 25, 2018 at 6:36 am

Awesome explanation appreciate your hard work.
anjay says:

October 27, 2018 at 10:40 pm

Still relevant! thanks!
Frank Alexander says:

December 21, 2018 at 3:45 pm

This worked perfectly, thank you!

We have an 6 year old tenant and recently went from cloud-only to adding an on-prem server with an AD. There were a few accounts, which simply refused to sync, even though the proxy-addresses and UPN were good.

with this little push AAD linked both together.
Kevin says:

March 5, 2019 at 3:49 pm

Amazing. I looked everywhere and tried many things. This was spot on, easy to follow and best of all – WORKED !!!

Thank you TONS!
GoGo says:

July 16, 2019 at 9:52 pm

Stephanie, came back after an year. Still works, thanks.