Recovering deleted mailboxes is nothing new for us as Exchange admins, but it becomes quite tedious when we manage an Exchange Hybrid environment with federated identity.
Recovering a mailbox in a traditional on-premises environment or in a fully hosted Exchange Online environment is straightforward and takes only a few steps. Refer to the articles below for the details.
To clarify the statement above, a quick recap of how the pieces fit together. In a DirSync environment objects are synchronized from on-premises Active Directory to the cloud, and the source of authority for managing those objects is on-premises. When federated identity is enabled, authentication also moves on-premises via AD FS, which gives users a true SSO experience when they access Office 365. Because the on-premises directory is authoritative, deleting the AD user deletes the synchronized MSOL user and, with it, the mailbox; a mailbox recovered in the cloud then has to be tied back to a new on-premises object before SSO works again, and that is what makes the hybrid case tedious.
The Microsoft knowledge base article referenced here covers this point in more detail, along with the workaround that this article builds on.
Once that is done the mailbox is recovered in the cloud; grant yourself Full Access to it and export its contents to a PST.
You can also recover the mailbox from the soft-deleted mailboxes with the Undo-SoftDeletedMailbox cmdlet and then follow the same PST process.
This works only as long as the mailbox is still listed under soft-deleted mailboxes, which is 30 days from the date of deletion.
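As an added example (not code from the original post), the soft-deleted path above done from an Exchange Online PowerShell session: list the soft-deleted mailboxes with the days remaining in the 30-day window, restore one with Undo-SoftDeletedMailbox, and grant yourself Full Access for the PST export. The addresses, the tenant name and the admin account are placeholders.

```powershell
# Added example: inventory soft-deleted mailboxes, restore one, grant Full Access.
# Assumes an existing Exchange Online PowerShell session; all names are placeholders.
$RetentionDays = 30

# One row per soft-deleted mailbox with the retention days it has left
$softDeleted = Get-Mailbox -SoftDeletedMailbox -ResultSize Unlimited |
    Select-Object DisplayName, PrimarySmtpAddress, ExchangeGuid, WhenSoftDeleted,
        @{Name = 'DaysLeft'; Expression = {
            $RetentionDays - [int]((Get-Date) - $_.WhenSoftDeleted).TotalDays }}
$softDeleted | Sort-Object DaysLeft | Format-Table -AutoSize

# Pick the mailbox to recover (placeholder address)
$target = $softDeleted | Where-Object { $_.PrimarySmtpAddress -eq 'jdoe@contoso.com' }
if (-not $target) {
    throw 'Mailbox is no longer soft-deleted; use the Removed mailbox method instead.'
}
if ($target.DaysLeft -le 2) {
    Write-Warning "Only $($target.DaysLeft) day(s) of retention left for $($target.DisplayName)"
}

# Restore by ExchangeGuid rather than by display name so a namesake cannot be picked.
# The cmdlet reminds you to license the account before the grace period expires.
$NewId = 'jdoe.recovered@contoso.onmicrosoft.com'
Undo-SoftDeletedMailbox -SoftDeletedObject $target.ExchangeGuid.ToString() `
    -WindowsLiveID $NewId `
    -Password (Read-Host -AsSecureString 'Temporary password for the recovered account')

# Full Access for the admin doing the export; AutoMapping off so Outlook does not
# silently attach the mailbox to the admin's own profile.
Add-MailboxPermission -Identity $NewId -User 'admin@contoso.com' `
    -AccessRights FullAccess -AutoMapping $false

# Confirm the mailbox is active again before opening it for the PST export
Get-Mailbox -Identity $NewId |
    Format-List DisplayName, ExchangeGuid, RecipientTypeDetails, WhenMailboxCreated
```

The restore keeps the original ExchangeGuid, so comparing that value before and after is the quickest way to confirm you recovered the right mailbox.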
*If Litigation Hold or In-Place Hold was enabled on the mailbox before deletion, its contents are preserved: the mailbox becomes an inactive mailbox instead of being purged.
Review here: Manage inactive mailboxes in Exchange Online
Recovery Method with a New AD object
*Even after the 30-day retention window there is still a way to recover the mailbox, from Removed mailboxes. A mailbox lands there once the MSOL object is permanently deleted and the mailbox moves from soft-deleted to hard-deleted (removed, or orphaned, mailboxes).
Use the Get-RemovedMailbox cmdlet in Exchange Online to find it, note its GUID, and reconnect it to a new cloud-only account as shown in the blog post below to recover the contents.
Review here: Recovering a deleted mailbox in Microsoft Office 365
Once the on-premises AD object is deleted and the deletion has synchronized, you can permanently delete the corresponding MSOL object in Office 365 with the -RemoveFromRecycleBin switch of Remove-MsolUser. The mailbox is then hard deleted and moved to Removed mailboxes, and you can follow the process above and bring it back to life, starting with a new cloud-only account.
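As an added example (not code from the original post, nor the linked blog's), the purge-and-reconnect sequence in one script: remove the synced user from the MSOL recycle bin, wait for Exchange Online to list the mailbox under Removed mailboxes, and reconnect it to a new cloud-only account with the -RemovedMailbox parameter of New-Mailbox. It assumes Connect-MsolService and an Exchange Online session; the UPN, tenant and display name are placeholders, and the property names on the Get-RemovedMailbox output are as I know them from Exchange Online. Keep in mind that later in this post Microsoft describes this hard-delete route as unsupported and prefers the restore-request merge.

```powershell
# Added example: purge the MSOL user, find the removed mailbox, reconnect it.
# Assumes Connect-MsolService and an Exchange Online session; names are placeholders.
$OldUpn = 'jdoe@contoso.com'
$Tenant = 'contoso.onmicrosoft.com'

# 1. The on-premises deletion has synced, so the user sits in the MSOL recycle bin.
#    Purging it is irreversible for the MSOL object itself, hence the explicit check.
$deleted = Get-MsolUser -ReturnDeletedUsers -UserPrincipalName $OldUpn -ErrorAction SilentlyContinue
if (-not $deleted) { throw "$OldUpn is not in the deleted users list; nothing to purge." }
Remove-MsolUser -ObjectId $deleted.ObjectId -RemoveFromRecycleBin -Force

# 2. Poll until Exchange Online shows the mailbox as removed; this lags the purge.
$removed = $null
for ($i = 0; $i -lt 12 -and -not $removed; $i++) {
    Start-Sleep -Seconds 60
    $removed = Get-RemovedMailbox | Where-Object { $_.PrimarySmtpAddress -eq $OldUpn }
}
if (-not $removed) {
    # The hybrid behaviour this post runs into: the mailbox stays soft-deleted instead.
    throw 'Mailbox never reached Removed mailboxes; check Get-Mailbox -SoftDeletedMailbox.'
}
"Removed mailbox found: {0} (ExchangeGuid {1})" -f $removed.DisplayName, $removed.ExchangeGuid

# 3. Reconnect it to a brand-new cloud-only account. That account carries no
#    ImmutableID, which is what lets soft match bind it to an on-premises object later.
$NewId = "jdoe.recovered@$Tenant"
New-Mailbox -Name 'John Doe (recovered)' -RemovedMailbox $removed.ExchangeGuid.ToString() `
    -MicrosoftOnlineServicesID $NewId `
    -Password (Read-Host -AsSecureString 'Temporary password for the recovered account')

# 4. Verify: the mailbox is back and the MSOL object is cloud-only (empty ImmutableId)
Get-Mailbox -Identity $NewId | Format-List DisplayName, ExchangeGuid, RecipientTypeDetails
Get-MsolUser -UserPrincipalName $NewId | Format-List UserPrincipalName, ImmutableId, LastDirSyncTime
```

The empty ImmutableId in step 4 is the condition the next steps depend on; if it is populated, the account is still tied to a directory object and soft match will not rebind it.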
*Once the mailbox is attached to the new cloud-only account it behaves like a mailbox provisioned entirely in the cloud, and the account has no ImmutableID set. That empty ImmutableID is the key to the recovery, because it lets SMTP matching bind the object to a new on-premises account later.
*Add the required SMTP address in your federated domain and make it the primary address if it is not already set correctly. The primary SMTP address must be identical to the one you will set on the on-premises object, since that is what SMTP matching compares.
*Next, create a new AD object and configure it as the old one was, with the necessary attributes and the same primary SMTP address (on-premises you can create it as a remote mailbox object). Now force a DirSync run or wait for the scheduled one. At that point SMTP matching (soft match) binds the on-premises AD object to the MSOL object: it sets the new AD object's objectGUID as the ImmutableID in MSOL, and the mailbox is functional as before, with SSO.
Review the SMTP matching knowledge base article here: http://support2.microsoft.com/kb/2641663
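As an added example (not code from the original post), the on-premises side of the soft match and the check that proves it worked: create the replacement object as a remote mailbox, trigger a sync, then compare the ImmutableId that MSOL now holds with the Base64 form of the on-premises objectGUID, which is the value soft match is expected to stamp. The first part runs in the on-premises Exchange Management Shell, the rest where the MSOnline module and Active Directory module are available. Names, OU, domains and the routing address are placeholders.

```powershell
# Added example: create the on-premises remote mailbox, sync, verify the soft match.
# Run section 1 in the on-premises Exchange Management Shell; sections 2-3 need the
# ActiveDirectory and MSOnline modules. All names and domains are placeholders.
$Upn        = 'jdoe@contoso.com'
$Sam        = 'jdoe'
$RoutingAdr = 'jdoe@contoso.mail.onmicrosoft.com'   # hybrid routing address
$Ou         = 'OU=Users,DC=contoso,DC=com'

# 1. New AD user plus remote mailbox. The primary SMTP address must match the
#    cloud mailbox exactly: that address is what SMTP (soft) matching compares.
New-RemoteMailbox -Name 'John Doe' -UserPrincipalName $Upn -SamAccountName $Sam `
    -PrimarySmtpAddress $Upn -RemoteRoutingAddress $RoutingAdr `
    -OnPremisesOrganizationalUnit $Ou `
    -Password (Read-Host -AsSecureString 'Initial password')

# 2. Push the change to the cloud instead of waiting for the scheduled cycle.
#    DirSync (this post's era): Start-OnlineCoexistenceSync from the DirSync shell.
#    Azure AD Connect:          Start-ADSyncSyncCycle -PolicyType Delta
Start-ADSyncSyncCycle -PolicyType Delta

# 3. The ImmutableId that MSOL records is the Base64 form of the on-premises
#    objectGUID. Compute the expected value and compare it with the tenant's copy.
$guid     = (Get-ADUser -Identity $Sam).ObjectGUID
$expected = [System.Convert]::ToBase64String($guid.ToByteArray())

$msol = Get-MsolUser -UserPrincipalName $Upn
if ($msol.ImmutableId -eq $expected) {
    "Soft match succeeded: $Upn is bound to objectGUID $guid"
} elseif (-not $msol.ImmutableId) {
    Write-Warning 'ImmutableId still empty: sync has not run yet, or the primary SMTP addresses differ'
} else {
    Write-Warning "ImmutableId $($msol.ImmutableId) belongs to a different object; do not proceed"
}
```

The third branch is the one to take seriously: an ImmutableId that is populated but does not match your new objectGUID means the cloud account is already anchored to some other directory object, and the next sync will not silently fix that.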
*If users get NDRs when they reply to old emails (the cached recipient entry still points at the old mailbox's LegacyExchangeDN), use the knowledge base article below to reconstruct the X500 address from the IMCEAEX address in the NDR, add it as a proxy address on the on-premises account, and let DirSync carry it to the cloud so replies resolve as before.
Review here: http://support2.microsoft.com/kb/2807779/en-us
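As an added example (not code from the original post), a helper that applies the decoding rules from KB 2807779 to an IMCEAEX address and stamps the resulting X500 proxy address on the on-premises remote mailbox. The NDR address, mailbox identity and organization name in the sample are constructed for this example.

```powershell
# Added example: rebuild the X500 address from an IMCEAEX NDR address (KB 2807779
# rules) and add it to the on-premises remote mailbox. Sample data is constructed.
function ConvertFrom-ImceaexAddress {
    param([Parameter(Mandatory)][string]$Imceaex)

    # Strip the "IMCEAEX-" prefix and the "@domain" suffix, keep the encoded DN
    if ($Imceaex -notmatch '^IMCEAEX-(?<dn>.+?)(@[^@]+)?$') {
        throw "Not an IMCEAEX address: $Imceaex"
    }
    $dn = $Matches['dn']

    # Order matters: "_" is the encoding of "/" and must be turned back BEFORE the
    # "+5F" escape is decoded into a literal underscore, or that underscore would
    # be mangled into a slash as well.
    $dn = $dn -replace '_', '/'

    # Decode every "+XX" hex escape: +20 space, +28 "(", +29 ")", +2E ".", +5F "_", ...
    $dn = [regex]::Replace($dn, '\+([0-9A-Fa-f]{2})', {
        param($m) [string][char][System.Convert]::ToInt32($m.Groups[1].Value, 16) })

    return "X500:$dn"
}

# Constructed NDR address, in the shape Exchange reports with "RESOLVER.ADR.ExRecipNotFound"
$ndrAddress = 'IMCEAEX-_O=CONTOSO_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=John+20Doe@contoso.com'
$x500 = ConvertFrom-ImceaexAddress $ndrAddress
$x500   # X500:/O=CONTOSO/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=John Doe

# Add it as a secondary proxy address on the on-premises object (Exchange Management
# Shell on-premises); the hashtable form leaves the existing primary SMTP untouched.
Set-RemoteMailbox -Identity 'jdoe@contoso.com' -EmailAddresses @{Add = $x500}
Get-RemoteMailbox -Identity 'jdoe@contoso.com' | Select-Object -ExpandProperty EmailAddresses
```

After the next DirSync cycle the X500 entry shows up in the cloud mailbox's proxy addresses, and Outlook's cached entry for the old mailbox resolves again.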
This completes this recovery method.
This method is reliable, but it is not the method Microsoft recommends. Unfortunately it also does not work in my hybrid deployment with DirSync: the mailbox is moved to soft-deleted mailboxes instead of Removed mailboxes even though I forcefully remove the MSOL object from Office 365.
The Microsoft team reproduced the same behavior and found that this works well for a fully hosted scenario but not for a hybrid deployment with DirSync. I am still waiting for a possible solution and will update here soon.
After working with the Microsoft team we identified a workaround. The likely root cause is a sync issue between MSODS and Exchange Online that does not move the mailbox from soft-deleted mailboxes to hard-deleted (Removed Mailboxes) once the MSOL object is removed.
To get around it we recovered the mailbox from soft-deleted mailboxes with the Undo-SoftDeletedMailbox cmdlet. The cmdlet recovers the mailbox and notes that a license must be assigned before the grace period expires, or the mailbox will be removed.
We deliberately waited for that grace period to expire, after which the mailbox was moved to hard-deleted mailboxes and appeared under Removed Mailboxes.
From there we followed the instructions above under "Recovery Method with a New AD object" for a successful recovery.
You can additionally prevent accidental deletions from reaching Azure when using DirSync by following the instructions in the blog post below.
DirSync: How To Avoid Syncing Accidental Deletes To The Cloud Directory
I believe this post will be useful for readers who need to recover mailboxes in a hybrid environment with federated identity, as well as for other mailbox recovery scenarios with Office 365.
The Microsoft team is making significant changes to mailbox recovery in Office 365: the method of recovering a mailbox through a hard delete is being discontinued, since it impacts access to other Office 365 services, and a new supported method is to be followed from now on, as described in the EHLO blog post below.
Why Is This a Benefit?
Previously, if you could not recover both the user and the mailbox, you would have to perform an unsupported process of hard-deleting a mailbox. This process was unreliable and sometimes caused a ripple effect on other services such as SharePoint and Lync. If the process failed, you were left with very limited options, and ultimately had to call support.
Below are the recovery steps as stated in that article:
What Do I Need To Do To Take Advantage of This New Option?
All you need to do is create a new user with a mailbox and merge the data. The way you create the user with a new mailbox will depend on if you use DirSync or the Microsoft Online Portal to create users.
1. Create the user and Mailbox.
Using DirSync:
Create the user and remote mailbox from the on-premises Exchange management tools.
Force a directory synchronization.
Not Using DirSync:
Log into http://portal.office.com.
Create and license the user.
2. Run the cmdlet to merge the accounts. This is done from PowerShell connected to Exchange Online.
A) Connect PowerShell to Exchange Online. To do this, see http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
B) Run the following Command and retrieve the GUID for the soft-deleted mailbox that you want to restore: Get-Mailbox -SoftDeletedMailbox
C) Run a cmdlet similar to the following to restore the mailbox: New-MailboxRestoreRequest -SourceMailbox <GUID from Step 2B> -TargetMailbox <GUID from Step 1>
NOTE 1: If the mailbox source and/or target is an archive, use the following switches (-SourceIsArchive and/or -TargetIsArchive)
NOTE 2: The value in Step 2C calls for the account GUIDs, but they can take other values such as an SMTP address or a UPN. The reason we recommend using GUIDs is to reduce the chances that there will be any confusion or conflict between the source and destination.
Access the complete post here to know more: A better way to recover a mailbox
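As an added example (not code from the original post or from the EHLO article), step 2 of the supported method carried through end to end: both mailboxes are resolved to their ExchangeGuids as the note recommends, the restore request is created, and it is polled to completion so skipped items are visible. It assumes an Exchange Online session and that step 1 has already produced the new user and mailbox; the addresses are placeholders, and the -AllowLegacyDNMismatch switch is included because the new mailbox carries a different LegacyExchangeDN than the soft-deleted one.

```powershell
# Added example: merge a soft-deleted mailbox into the newly provisioned one by GUID
# and watch the restore request to completion. Assumes an Exchange Online session
# and that the new user/mailbox from step 1 already exists; addresses are placeholders.
$OldAddress = 'jdoe@contoso.com'   # address of the soft-deleted mailbox
$NewAddress = 'jdoe@contoso.com'   # the freshly provisioned target (often the same address)

# Source: the soft-deleted mailbox. If the user was deleted more than once, take the
# most recent deletion rather than whichever one Get-Mailbox happens to list first.
$source = Get-Mailbox -SoftDeletedMailbox -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress -eq $OldAddress } |
    Sort-Object WhenSoftDeleted -Descending | Select-Object -First 1
if (-not $source) { throw "No soft-deleted mailbox found for $OldAddress" }

# Target: the active mailbox created in step 1 (Get-Mailbox without the switch
# never returns soft-deleted objects, so this cannot resolve to the old copy)
$target = Get-Mailbox -Identity $NewAddress
if ($source.ExchangeGuid -eq $target.ExchangeGuid) { throw 'Source and target are the same mailbox' }

# Merge by GUID. The new mailbox has a different LegacyExchangeDN, so the request
# has to be told the mismatch is expected. Add -SourceIsArchive / -TargetIsArchive
# when either side is an archive, as NOTE 1 above says.
$req = New-MailboxRestoreRequest -SourceMailbox $source.ExchangeGuid.ToString() `
    -TargetMailbox $target.ExchangeGuid.ToString() -AllowLegacyDNMismatch `
    -Name "Recover-$($source.ExchangeGuid)"

# Poll until the request finishes
do {
    Start-Sleep -Seconds 30
    $stat = Get-MailboxRestoreRequestStatistics -Identity $req.RequestGuid.ToString()
    "{0,-20} {1,4}%  {2}" -f $stat.Status, $stat.PercentComplete, $stat.StatusDetail
} while ($stat.Status -notin 'Completed', 'CompletedWithWarning', 'Failed')

# What was copied and what was skipped; Report carries the per-item detail
$stat | Format-List Status, ItemsTransferred, BadItemsEncountered, LargeItemsEncountered, Report

# Clear the finished request so it no longer clutters Get-MailboxRestoreRequest
if ($stat.Status -like 'Completed*') {
    Remove-MailboxRestoreRequest -Identity $req.RequestGuid.ToString() -Confirm:$false
}
```

Because the merge copies items into the new mailbox rather than reattaching the old one, the soft-deleted source stays where it is until its retention expires, which leaves you a second chance if the first restore has to be redone with different options.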
The Microsoft team recently published a new guidance article on this topic:
Common mailbox recovery scenarios for hybrid environments
The Microsoft Exchange Online team has also announced a new Mailbox Recovery Troubleshooter that guides you to the best recovery option when restoring a deleted user mailbox in EXO.
Access the Troubleshooter here: https://aka.ms/MailboxRecovery
Official Blog post here: Introducing the Mailbox Recovery Troubleshooter
The latest blog posts on this topic for an Exchange Hybrid environment:
Recover soft-deleted mailboxes in an Exchange Hybrid scenario
How to restore an inactive mailbox for a federated user in an Exchange Hybrid deployment
As an add-on, review Microsoft's detailed guidance on how to remove a former employee from Office 365.
Stay tuned for latest updates...