Restoring an Entra ID user will update its attributes, link to manager, role assignments, group ownerships, group and unit memberships, and licenses. 

Restore an Entra ID user

Before you begin, ensure the Entra ID service account that was used to create the connector is assigned the global admin role.

1. Open the Connectors page and select the desired connector. 

2. Locate the user in your connector.

3. Optional: If you want to restore an older version of the object, click the Snapshots Viewer icon, then select an earlier snapshot. You will now be viewing data from that particular time.

4. Select ••• > Restore.

Tip: To preview the attributes and relationships and to compare them to older versions, select ••• > Object metadata. You can also initiate the restore directly from this previewer. 

5. Click Yes to restore the user. 

Note: To restore multiple users at time, select the items. In the toolbar, select Restore.


Restore all Entra ID users

In case you need to bring back large amounts of data, you can use the restore wizard from the connector level.

Before you begin, ensure the Entra ID service account that was used to create the connector is assigned the global admin role.

Note: We recommend you restore all users and groups together to maintain relationships between them, as linked users and groups (subobjects) are also restored. 

1. Open the Connectors page.

2. Point to the connector and click the Restore icon.

3. Click Next.

4. Select a snapshot.

5. Choose the items to restore and click Next.

6. Review the summary and click Restore

What happens when a user is restored

  • Attributes restored
    The user's attributes, licenses, authmethods, and photo are recreated (if missing) or updated (it still existing).
  • Relationships reestablished
    The following relationships are reestablished:
    • Memberships - links to groups and admin units that the user is a member of 
    • Ownerships - links to groups that the user is an owner of
    • Role assignments - links to roles that are assigned to this user
    • Manager - the link to the user's manager
      Note: A relationship can be reestablished only if the linked object still exists in Entra ID.
  • New ID and creation time
    • If the user no longer exists in Entra ID, it will receive a new object ID and creation time. 
    • If the user is in the "Deleted users" folder (i.e., it has not yet been permanently deleted), it will be restored with its original ID and creation time.
      Note: Restoring users will recreate them with new IDs, but duplicates will not be created if restored from the same snapshot. Users are recognized by their attributes, and existing users in Entra ID will be overwritten.

This diagram shows the relationships that are restored:


 

Restore limitations

  • If the user was a member of a distribution group or mail-enabled security group, we cannot reestablish the links to these groups due to an API limitation. In this case, the restore job will be marked as incomplete, and these relationships will be skipped.
  • Due to a Microsoft Graph public API limitation, a user with on-premises sync enabled cannot be restored. 
  • Authentication methods are not restored.

Note: A user's group-inherited roles are not displayed in the UI, but they are backed up and restored.