Recovering deleted data

If you have accidentally deleted data from your directory, there may be options for recovering it using PowerShell. You can recover deleted Applications and deleted Unified Groups within the first 30 days after deletion. This article describes how to do that.

Finding deleted Unified groups

To find the deleted Unified Groups in your directory, you can use the Get-AzureADMSDeletedGroup cmdlet. This cmdlet returns all Unified Group objects that were deleted in the past 30 days. Here is an example of the cmdlet and its output:

PS C:\WINDOWS\system32> Get-AzureADMSDeletedGroup

Id                                   DisplayName         Description
--                                   -----------         -----------
1dc315b7-9ed4-468f-a190-1d90442e43f8 SpeedTest9
1e26b664-3f47-4e21-8045-78ee7d67e69f SpeedTest1992

To find all deleted Application objects, you can use Get-AzureADDeletedApplication:

PS C:\WINDOWS\system32> Get-AzureADDeletedApplication

ObjectId                             AppId                                DisplayName
--------                             -----                                -----------
9a7d49c5-42ee-47a3-bad7-17cae5bb8f26 7dba6cec-ffd5-40af-ba40-1eb158574b5a My Properties Bag

Within the first 30 days after an object is deleted, it can be recovered using the Restore-AzureADMSDeletedDirectoryObject cmdlet. To recover a deleted directory object, you must specify the Id of the object. This is what you see when you recover a deleted group:

Restore-AzureADMSDeletedDirectoryObject -Id 822cda93-4d5b-4c60-86d9-5d395e37afb4

Id                                   DisplayName     Description
--                                   -----------     -----------
822cda93-4d5b-4c60-86d9-5d395e37afb4 XSpeedTest1996A XSpeedTest1996A

To recover all deleted Unified Groups, you would use:

Get-AzureADMSDeletedGroup | Restore-AzureADMSDeletedDirectoryObject

The first cmdlet retrieves the deleted Unified Groups in your directory; the second cmdlet is executed once for each deleted group and restores it.

If you want to recover a deleted application object, you can use:

Restore-AzureADDeletedApplication -ObjectId 9a7d49c5-42ee-47a3-bad7-17cae5bb8f26

ObjectId                             AppId                                DisplayName
--------                             -----                                -----------
9a7d49c5-42ee-47a3-bad7-17cae5bb8f26 7dba6cec-ffd5-40af-ba40-1eb158574b5a My Properties Bag

If you want to permanently delete a Unified Group to prevent anyone from recovering it, you can use:

Remove-AzureADMSDeletedDirectoryObject -Id 854e0412-6975-4ac0-94a3-9bfff671b7f8

Note: If you attempt to recover a deleted Unified Group for which the SAMAccountName already exists, the cmdlet will fail. You must first remove the existing SAMAccountName by either changing it or deleting the object that has it.
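
The bulk pipeline shown earlier restores every deleted Unified Group, including any that were removed on purpose, and the SAMAccountName conflict in the note shows up only as an error in the output stream. As an added example (not part of the original article), the function below restores only groups whose DisplayName matches a pattern, supports -WhatIf and -Confirm, and returns one result row per group. The function name Restore-SelectedDeletedGroup is hypothetical, and a session already authenticated with Connect-AzureAD is assumed.

```powershell
# Added example: selective restore of soft-deleted Unified Groups.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already been run.
function Restore-SelectedDeletedGroup {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Wildcard pattern matched against DisplayName, e.g. 'SpeedTest*'
        [Parameter(Mandatory = $true)]
        [string] $DisplayNameLike
    )

    # Collect the deleted groups first so the candidate list can be reviewed
    $candidates = @(Get-AzureADMSDeletedGroup -All $true |
        Where-Object { $_.DisplayName -like $DisplayNameLike })

    foreach ($group in $candidates) {
        # One result row per group, whether or not the restore succeeds
        $result = [pscustomobject]@{
            Id          = $group.Id
            DisplayName = $group.DisplayName
            Restored    = $false
            Error       = $null
        }

        $target = "$($group.DisplayName) ($($group.Id))"
        if ($PSCmdlet.ShouldProcess($target, 'Restore deleted group')) {
            try {
                Restore-AzureADMSDeletedDirectoryObject -Id $group.Id -ErrorAction Stop | Out-Null
                $result.Restored = $true
            }
            catch {
                # For example, the SAMAccountName conflict described in the note above
                $result.Error = $_.Exception.Message
            }
        }

        $result
    }
}

# Preview which groups would be restored, without changing anything
Restore-SelectedDeletedGroup -DisplayNameLike 'SpeedTest*' -WhatIf

# Restore with a confirmation prompt per group and list any failures
Restore-SelectedDeletedGroup -DisplayNameLike 'SpeedTest*' |
    Where-Object { -not $_.Restored }
```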