Hello, my name is Ian Lindsay. I am a strategic systems consultant for Quest. In this video, I'm going to show you the process for recovering hybrid user accounts that are accidentally deleted from both on-premise and in the Azure Cloud. And a lot of times, when we talk to customers, they'll just say, oh, well, if I just delete a user, I'll go into on-prem, I'll restore them, and I'll let AD Connect take care of it.
Well, if you look at this list, there are a couple of things that we don't get back when we do it that way. So I'm going to show you what happens when we try to do a restore, both using our tool and through native tools. So let's set up this scenario. Our company has decided that when an executive leaves the company, all access needs to be immediately revoked from that user, including both on-premise and in the cloud, and we want to ensure that they can't have access by removing them from the recycle bins.
So we have an automated process that goes through and will remove a user. HR has gone in and entered that one of my executives is leaving. So the script has automatically run and deleted the user. But then they realized that they did that in error. So let's see what happens.
So first, let's look at our user. So this is our user that gets deleted, Diana. As you can see from the organization, she's the chief financial officer. So that's why she's going to be removed immediately. She belongs to a number of groups on-premise. Some of them will give her access on-prem, some of them will give her access to things in the cloud.
So let's look at the cloud side of this particular user. So here's the cloud half of my user for Diana. When I look at her profile, I can see the information that has synced from on-premise, such as that she's the chief financial officer. But I also see some other info here that's in the cloud-- her usage location, which is used for licensing. Diana also has a number of roles in the cloud that give her rights to do certain things.
Along with those on-premise groups that she was a member of, she's also a member of some cloud groups too. These will give her access to specific applications or licensing in the cloud. So here's a list of the apps that she has access to, and you can see how she's been granted access to those. She has a number of licenses for things that she can go ahead and utilize. And we have her two-factor authentication information.
So let's see what happens when Diana logs into the systems. So I'm going to go off and connect our company's Azure portal. So let me log in as Diana. And her password. And we get prompted for multi-factor authentication. So let's enter that information.
So as you can see, Diana has access to a number of applications. Some are cloud applications, such as her Outlook to get her email. And here we can see her email box. Diana is also a member of some teams and has access to Teams. And here's her Teams. And she has access to some internal applications that we utilize on a daily basis.
So let's see what happens when Diana's account is accidentally deleted. This script here will simulate the HR department going ahead and deleting the account. So let's enter the account to be deleted. We'll say, yes. And now, the script will take over and delete the account.
OK, our executive has been deleted and removed from the cloud. Now we get the call from the HR department, telling us that this was done in error, and we need to restore. Let's go into the Active Directory administration center. I'll refresh the recycle bin. And there's Diana. Fortunately, she's still in the on-premise recycle bin.
So we'll go ahead in and restore back into the Active Directory. When I refresh the organizational unit, Diana is back in the local directory. Now, we need to get this out to the cloud, so we'll tell AD Connect to go ahead and sync those changes back to the cloud. So now, let's see what happens when we log her back in again.
So let's open up a new browser window, and we'll go to the portal. We first put in her past login account. And then let's enter her password. First thing to notice is we did not get prompted for two-factor authentication. And when we look at the portal, I see some of the apps that she should have access to, but I don't see everything that she should have access to.
So let's look and figure out why. Let's go back and look at Diana back in the portal again. So here's her cloud account. When I look at her profile, I see the on-premise information, that she was a chief financial officer, but I don't see the usage location that was there before. The roles that she was assigned to are no longer there. If I look at the groups, I'm seeing her groups from on-premise, but I'm not seeing all of her cloud groups. So that's probably a problem.
If I look at the applications, some of them are here, but not all of them. There are a couple missing. When I look at her licenses, all of her licenses are also missing. Let's go down to the authentication, and we see that her two-factor authentication information is missing. So there's probably a bunch of things that are wrong here.
So let's go ahead in, and rather than trying to fix all of this, what I'm going to do is I'm just going to start over again, and we'll re-delete Diana. And Diana is deleted again. Now, this time, rather than trying to restore her on-prem and use AD Connect, I'm going to use the On-Demand Recovery tool to go ahead and restore the account. This starts by going out and finding the appropriate backup that Diana belongs to that I can go ahead and restore from.
So I see my list of backups here. The process begins by unpacking a backup. And then we'll use the information in the backup, compare it to the Active Directory, to see what the differences are. Now, I've already unpacked this previously, so I'll just refresh my differences, rather than re-unpacking the particular backup. So we can come to the tasks pane to watch the process complete.
Now that the process is complete, I can go to see what my differences are. And you can see here the user that was incorrectly deleted, Diana, hard delete. She's not in the recycle bin. We can see that she was in the backup, but she's not currently in the current Active Directory. So to restore Diana, I will select her account and then say restore.
We're going to connect to the on-premise recovery manager tool as well. If I was encrypting my backups on-premise, I could specify the password to unencrypt them. If somebody tried to create her account out in the cloud and didn't get it right, we can say delete it before we go ahead and restore. We'll click the OK to kick off the task and start the restoration process.
And again, from the task panes, we'll watch the restore to see when it finishes. And our restore is now complete. Every restore task is made up of multiple events. So we can go ahead and then view those to see what happened. Clicking on any task will show you some details down at the bottom as to what happened. But let's look at all the individual tasks.
So obviously the task was started. You can see we recreated Diana. We reconnected her mailbox, reassigned a lot of her cloud information, including the roles that she had, applications that she had access to. We also connected to the on-premise recovery manager to find and restore Diana on-premise as well, and then have Azure AD sync those changes back to the portal so that we have the entire information back.
So if we go back in-- let's start on the cloud side, and let's refresh the screen. And we'll look at Diana again. Now, when I look at her profile, I can see her on-prem info's there, but there's that usage location that we needed. If I go back into her roles, we can see that Diana's roles are back. If we look at the groups that she belonged to, the cloud groups are back. So that will affect the applications, and we'll see her extra applications are back now as well. On the licensing, her licenses have been reassigned back to her, and her multi-factor information is back as well.
So let's see what happens when Diana logs in this time. So we open a new browser window. We'll go to the portal. We'll enter Diana's account, re-enter her password, and our multi-factor is back. So let's enter the code in.
When we get back to the portal, we see all the applications are back. Our internal applications, as well as all of the Office 365 applications. We can even go back in, see her email. So her old email box has been restored. We can also look at Teams, where we see the apps. But basically, all of her information is back.
Thank you for taking the time to check out this video. Hopefully you'll see that using the On-Demand Recovery versus the native tools is a little bit easier for our restoration process. If you would like any additional information, feel free to visit any of our web sites. Thank you, and have a great day.