Recreate a Deleted User in AD and Sync to Office365


You have Directory Synchronization configured in your domain and on occasion you need to delete a synced user in AD then recreate the account.

Here are the steps required in order to enable successful synchronization of the recreated AD account to Office 365.


Step 1

Delete the user account from AD and run a sync so that the user is also removed from O365. The cloud account will move to the Deleted users area in O365.


Step 2

In Office 365 restore the user from the “Deleted Users” area. After it has been restored the user will show up as “In cloud” rather than “Synced with Active Directory”.


Step 3

Recreate the account in AD. Ensure that you have filled in the E-mail field and the proxy address for the primary mail account (the upper-case SMTP: entry in proxyAddresses) via the user object properties and the Attribute Editor tab.


Now for the nifty part… hard matching using the AD user's ObjectGUID.


Step 4

Open the AD user object properties and the Attribute Editor tab. Search for distinguishedName, copy the value and export the object with ldifde (the DN below is an example):

ldifde -d "CN=Someone,OU=Users,DC=someplace,DC=com" -f c:\User.txt


Step 5

Open the text file you created in Step 4 and copy the user's objectGUID value, e.g. 5WyOPyLejk2wiSyVaLQSGw==


Step 6

Open PowerShell (connected to Office 365) and update the cloud user's ImmutableID with the ObjectGUID of the AD domain user you copied in Step 5:

Set-MsolUser -UserPrincipalName -ImmutableId "5WyOPyLejk2wiSyVaLQSGw=="


Step 7

In PowerShell check that the new ImmutableID has been applied:

Get-MsolUser -UserPrincipalName | FT name,ImmutableID


Step 8

Run a synchronization and confirm that it completes successfully. The cloud user will again show as “Synced with Active Directory”.
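The same hard match done end to end in one script, as an added example that is not part of the original post: it derives the ImmutableID directly from the recreated AD user's ObjectGUID (the Base64 value ldifde shows in Step 5), checks the Step 3 attributes, compares with what the cloud object currently holds and applies the value only when it differs. It assumes the ActiveDirectory and MSOnline modules are loaded and Connect-MsolService has already been run; the parameter names are this script's own.

```powershell
# Added example, not from the original post. Assumes ActiveDirectory and MSOnline
# modules are loaded and Connect-MsolService has already been run.
param(
    [Parameter(Mandatory)][string]$SamAccountName,    # on-prem user recreated in Step 3
    [Parameter(Mandatory)][string]$UserPrincipalName  # cloud user restored in Step 2
)

# The ImmutableID written by directory sync is the Base64 encoding of the 16 raw
# bytes of the objectGUID, which is exactly what ldifde exports in Step 4/5.
function Get-ImmutableIdFromGuid([guid]$ObjectGuid) {
    return [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

$adUser     = Get-ADUser -Identity $SamAccountName -Properties ObjectGUID, mail, proxyAddresses
$expectedId = Get-ImmutableIdFromGuid $adUser.ObjectGUID

# Step 3 sanity checks: mail and an upper-case SMTP: primary proxy address must be
# present, otherwise the sync cannot line the object up with the restored mailbox.
if (-not $adUser.mail) { throw "AD user $SamAccountName has no mail attribute set" }
if (-not ($adUser.proxyAddresses -cmatch '^SMTP:')) {
    throw "AD user $SamAccountName has no primary (upper-case SMTP:) proxy address"
}

$cloudUser = Get-MsolUser -UserPrincipalName $UserPrincipalName
Write-Host "AD objectGUID       : $($adUser.ObjectGUID)"
Write-Host "Expected ImmutableID: $expectedId"
Write-Host "Current ImmutableID : $($cloudUser.ImmutableId)"

if ($cloudUser.ImmutableId -eq $expectedId) {
    Write-Host "Cloud user is already hard-matched to this AD object; nothing to do."
}
else {
    # Step 6: stamp the cloud object so the next sync cycle matches on objectGUID
    Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $expectedId

    # Step 7: re-read the cloud object and verify the value actually landed
    $applied = (Get-MsolUser -UserPrincipalName $UserPrincipalName).ImmutableId
    if ($applied -ne $expectedId) { throw "ImmutableId was not applied to $UserPrincipalName" }
    Write-Host "ImmutableId updated; run a sync cycle (Step 8) to complete the match."
}
```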

22 responses to “Recreate a Deleted User in AD and Sync to Office365”

  1. Stephanie,

    After searching for hours on Microsoft library documentation and trying different methods, I couldn’t find a solution. Thankfully, I found your documentation, very well explained, which actually helped me to fix my problem.

    Thank you.

  2. If you get the error below like I did:

    Set-MsolUser : You must provide a required property: Parameter name:

    To solve the issue:

    1. Connect PowerShell to Office 365.

    2. Change the user’s suffix to the default by using the example below:

    Set-MsolUserPrincipalName -UserPrincipalName -NewUserPrincipalName

    3. You can then use the Set-MsolUser to modify the ImmutableId.

    4. After the changes are done, change the user’s suffix back to the custom domain by using the example below:

    Set-MsolUserPrincipalName -UserPrincipalName -NewUserPrincipalName


    1. Todd, Thank you so much for these extra steps. It has saved delay in making a mailbox live once again after it was mistakenly marked for deletion.

      Also, thanks to Stephanie for this page and comments. 🙂


  3. Hi

    Thanks for the post. Here is a question for you:

    Will this work if you recreate the account on a different domain other than the original were it was created?


  4. Hi,
    So my environment is like:
    1. Create master account in AD
    2. Create mailbox and linked it to master account
    3. Migrate it

    So when I delete the resource account, the master account remains there. I tried this suggestion; the user is showing as synced with AD in the cloud, but on-prem, after re-creating that mailbox, it is still showing as LINKED. Any idea how to handle it in such an environment?

  5. Thank you! I was searching for a long time and finally came across this. It did the trick perfectly.

  6. This worked perfectly, thank you!

    We have a 6-year-old tenant and recently went from cloud-only to adding an on-prem server with an AD. There were a few accounts which simply refused to sync, even though the proxy addresses and UPN were good.

    With this little push AAD linked both together.

  7. Amazing. I looked everywhere and tried many things. This was spot on, easy to follow and best of all – WORKED !!!

    Thank you TONS!
