Accidentally deleted user recovery (Active Directory & Exchange 2013)


Start with recovering the user in Active Directory. Download and unzip the AdRestore utility (from Sysinternals).

Run adrestore to list all deleted objects, or adrestore string to filter the list by that string. Find the user you want to recover and run adrestore again with /r to restore the objects; you will be prompted for each object one by one.


The account now reappears in Active Directory, but it is disabled. Use whichever method you prefer (GUI or command line) to set a new password and re-enable the account. Optionally, add the user back to the groups it belonged to.

Now move to Exchange …

If you delete a user in Active Directory, it disappears from the EAC, but the state of its mailbox in the Exchange database is not changed immediately (it changes when regular database maintenance runs), so we need to update it manually. To do so, we first need the mailbox GUID.

Open the Exchange Management Shell and run the following command to list the details of all mailboxes. Find the GUID of the mailbox you want to recover.

Get-MailboxDatabase | Get-MailboxStatistics | Format-List DisplayName, MailboxGuid, Database, DisconnectReason, DisconnectDate

Update the mailbox state for that particular mailbox, replacing the database name and GUID with your Exchange database name and the GUID you found in the previous step.

Update-StoreMailboxState -Database "db_name" -Identity "guid"

Then go to the Exchange Admin Center, open Recipients / Mailboxes, click ... in the icon row and select Connect Mailbox.


Now you should see the disconnected mailbox you want to recover. Select it and click the connect icon.


You'll get a warning that there is no corresponding user and that you must connect the mailbox to a different user. This can be any user that does not yet have a mailbox. That's fine, because the account you recovered in Active Directory does not have a mailbox yet, so go ahead. In the wizard that follows, select User mailbox and then the account you recovered.

At the end you may get a notification that the changes will take effect when Active Directory replication occurs.


If you want to be sure, trigger replication manually on any domain controller.

repadmin /syncall

Now you should be able to access the mailbox again.
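The Exchange half of the procedure can also be done entirely from the Exchange Management Shell, with Connect-Mailbox standing in for the EAC Connect Mailbox wizard. This is an added example, not code from the original post; the display name 'John Doe', the account 'jdoe' and the database name are placeholders, and the checks before each step are there so the script stops rather than touching the wrong mailbox.

```powershell
# Added example (not from the original post). Placeholders: adjust the
# display name and the recovered AD account to your own values.
$DisplayName   = 'John Doe'
$RecoveredUser = 'jdoe'

# 1. Find the mailbox by display name. The store still holds it after the
#    AD user was deleted; its DisconnectReason is only refreshed later.
$candidates = @(Get-MailboxDatabase | Get-MailboxStatistics |
    Where-Object { $_.DisplayName -eq $DisplayName })

if ($candidates.Count -ne 1) {
    throw "Expected exactly one mailbox named '$DisplayName', found $($candidates.Count)."
}
$guid = $candidates[0].MailboxGuid
$db   = "$($candidates[0].Database)"   # database identity as a plain string

# 2. Refresh the store's view of the mailbox so it shows as disconnected.
Update-StoreMailboxState -Database $db -Identity $guid

# 3. Re-read the statistics and continue only if the mailbox is reported
#    as Disabled (disconnected). 'SoftDeleted' would mean a moved mailbox,
#    and an empty reason means it is still attached to some account.
$stats = Get-MailboxStatistics -Database $db -StoreMailboxIdentity $guid
if ($stats.DisconnectReason -ne 'Disabled') {
    throw "Mailbox $guid is in state '$($stats.DisconnectReason)', not 'Disabled'."
}

# 4. The target account must not have a mailbox yet; then reconnect.
if (Get-Mailbox -Identity $RecoveredUser -ErrorAction SilentlyContinue) {
    throw "'$RecoveredUser' already has a mailbox; pick the recovered account."
}
Connect-Mailbox -Identity $guid -Database $db -User $RecoveredUser -Confirm:$false

# 5. Force AD replication so the reconnected mailbox is visible everywhere.
repadmin /syncall
```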
