Restoring an administrative unit will update its attributes, role assignments, and links to member users and groups.

Restore an Entra ID administrative unit

Before you begin, ensure the Entra ID service account that was used to create the connector is assigned the global admin role.

1. Locate the administrative unit in your connector.

2. Optional: If you want to restore an older version of the object, click the Snapshots Viewer icon, and then select an earlier snapshot. You will now be viewing data from that particular time.

3. Select ••• > Restore.

Tip: To preview the attributes and relationships and to compare them to older versions, select ••• > Object metadata. You can also restore directly from the previewer. 

4. Select whether to restore subobjects.
Subobjects can be member groups and member users.

  • If you select Restore only this object, click Next.
  • If you select Also restore subobjects, click Next. Then select the restore method and click Next

5. Review the summary and click Restore.

Note: Administrative units can be restored in bulk, but the option to restore related items will be disabled. 

What happens when an administrative unit is restored

  • Attributes restored
    The administrative unit's attributes are recreated (if missing) or updated (it still existing).
  • Relationships reestablished
    The following relationships are reestablished:
    • Members - links to all users and groups that are members of this unit
    • Scoped-role assignments - links to all roles that are assigned to this unit
      NoteA relationship can be reestablished only if the linked object still exists in Entra ID. 
  • New ID and creation time
    • If the admin unit has been soft deleted (the admin unit remains in the recycle bin for 30 days), it will be restored with its original object ID and original creation time (but deletion time property will change to null).
    • If the admin unit has been permanently deleted, it will be restored with a new object ID and creation time.

This diagram shows the relationships that are restored:


 

Restoring an admin unit with subobjects

An administrative unit's subobjects are users and groups that are members of the unit. 

If subobjects restore is enabled, missing subobjects (users or groups) will be recreated with new IDs. Their attributes, relationships, and licenses (if applicable) will also be restored. Existing users or groups not present in the snapshot will have their links to the group removed, but the objects themselves will not be deleted from Entra ID.

Selecting create missing and update existing subobjects:

  • Recreates deleted users and groups.
  • Updates existing users with its attributes, link to manager, role assignments, group ownerships, group and unit memberships, and licenses.
  • Updates existing groups with its attributes, links to members and owners, group and unit memberships, role assignments, and licenses.

Selecting only create missing subobjects:

  • Recreates deleted users and groups.
  • Does not update attributes, relationships, licenses, and authentication methods of existing users and groups.

Note: We cannot reestablish deleted users' memberships to distribution and mail-enabled groups. In this case, the restore job will be marked as incomplete, and these relationships will be skipped.