How to restore deleted users in Entra ID using Microsoft Graph PowerShell

The Restore-MgDirectoryDeletedItem cmdlet lets administrators restore recently deleted Microsoft Entra ID users and other directory objects, such as groups, applications, and service principals, within the retention period before they are permanently deleted.

This document explores three ways to recover deleted users in Entra ID:

  • ADManager Plus
  • PowerShell
  • Microsoft Entra admin center

Restore deleted Entra ID users using ADManager Plus

ADManager Plus enables you to recover deleted users individually or in bulk, streamlining the process and eliminating scripts.

  1. Log in to ADManager Plus and navigate to Microsoft 365 > Management > Entra ID > User Management > Bulk User Modification > Restore Users.
  2. Choose your tenant from the Microsoft 365 Tenant drop-down.
  3. In the Select User(s) field, enter the name of the user that you'd like to restore and click Find. To restore multiple users in bulk, select CSV Import, upload a CSV file containing the user list, and click Import User(s).
  4. On the following screen, confirm your selected user list and click Apply.

Restore deleted Entra ID users using Microsoft Graph PowerShell

Prerequisites

  • Import the required PowerShell module and connect to Microsoft Graph:
    Import-Module Microsoft.Graph.Identity.DirectoryManagement
    Connect-MgGraph -Scopes "User.ReadWrite.All", "User.DeleteRestore.All"
  • Find the deleted user's ID. Run the cmdlet below and copy the user's ID:
    Get-MgDirectoryDeletedItemAsUser

Using the Restore-MgDirectoryDeletedItem cmdlet

Restore the deleted user by running the command below. Replace <object-id> with the actual ID of the deleted user.

Restore-MgDirectoryDeletedItem -DirectoryObjectId "<object-id>"

Restore deleted Entra ID users using Microsoft Entra admin center

Microsoft Entra admin center is another script-free solution to help restore users through manual and bulk operations:

  1. Log in to Microsoft Entra admin center as a global admin or privileged role admin.
  2. Navigate to Users > Deleted users.
    • To restore a single user, find and select the user, then click Restore users.
    • To restore multiple users, click Bulk restore. On the Bulk restore users pane, upload a CSV file containing the users' object IDs and click Submit. Once the file gets validated, click Submit. When the operation completes, you'll get a notification.

Example scripts and use cases

Example 1: Restoring a deleted user John by their unique object ID

$deleted = Get-MgDirectoryDeletedItemAsUser -All | Where-Object {$_.DisplayName -eq "John"}
Restore-MgDirectoryDeletedItem -DirectoryObjectId $deleted.Id

Example 2: Restoring the Marketing Team group by its unique object ID

$deletedGroup = Get-MgDirectoryDeletedItemAsGroup -All | Where-Object {$_.DisplayName -eq "Marketing Team"}
Restore-MgDirectoryDeletedItem -DirectoryObjectId $deletedGroup.Id

Example 3: Restoring an object and removing conflicting proxy addresses

$params = @{
    autoReconcileProxyConflict = $true
}
Restore-MgDirectoryDeletedItem -DirectoryObjectId "<object-id>" -BodyParameter $params
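
Example 1 looks a user up by display name, which is not unique, so a batch restore should refuse ambiguous matches and support a dry run with -WhatIf. The following is an added example, not code from the original article or from Microsoft; the function name Restore-DeletedEntraUserSafely and the sample display names are assumptions, and it expects the Connect-MgGraph session from the prerequisites.

```powershell
# Added example: function name and sample names are hypothetical.
function Restore-DeletedEntraUserSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DisplayName
    )
    begin {
        # Query the deleted-items container once for the whole batch.
        $deletedUsers = Get-MgDirectoryDeletedItemAsUser -All `
            -Property Id, DisplayName, UserPrincipalName, DeletedDateTime
    }
    process {
        $found  = @($deletedUsers | Where-Object { $_.DisplayName -eq $DisplayName })
        $status = 'Restored'
        $id     = $null
        if ($found.Count -eq 0) {
            $status = 'NotFound'
        } elseif ($found.Count -gt 1) {
            # Display names are not unique: report the candidates, restore none.
            $status = 'Ambiguous'
            $id     = $found.Id -join ';'
        } else {
            $id = $found[0].Id
            # ShouldProcess returns $false under -WhatIf, so nothing is changed.
            if ($PSCmdlet.ShouldProcess("$DisplayName ($id)", 'Restore deleted user')) {
                try {
                    Restore-MgDirectoryDeletedItem -DirectoryObjectId $id -ErrorAction Stop | Out-Null
                } catch {
                    $status = "Failed: $($_.Exception.Message)"
                }
            } else {
                $status = 'Skipped'
            }
        }
        # One result row per requested name, suitable for a change record.
        [pscustomobject]@{ DisplayName = $DisplayName; Id = $id; Status = $status }
    }
}

# Constructed sample input: a CSV with a single DisplayName column.
$batch = @"
DisplayName
John
Marketing Intern
"@ | ConvertFrom-Csv

# Dry run first; remove -WhatIf to perform the restore.
$batch | Restore-DeletedEntraUserSafely -WhatIf
```

Rows that come back as Ambiguous list every candidate object ID, so the operator can pick the right one and restore it directly with -DirectoryObjectId.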

Supported parameters

The following are parameters that can be used with the Restore-MgDirectoryDeletedItem cmdlet:

Parameter                   Description
-DirectoryObjectId          The object ID of the deleted directory item to restore
-InputObject                The identity parameter that accepts objects piped from Get-MgDirectoryDeletedItem (an alternative to -DirectoryObjectId)
-BodyParameter              The hash table for additional restore options (e.g., autoReconcileProxyConflict)
-WhatIf                     Shows what will happen if the cmdlet runs, without executing it
-Confirm                    Prompts for confirmation before execution
-Headers                    Allows the passing of custom HTTP headers
-ResponseHeadersVariable    Stores response headers in the specified variable

Limitations of using native tools to restore Entra ID users

While they're powerful, relying solely on Microsoft Graph PowerShell and Microsoft Entra admin center can present challenges:

  • PowerShell commands can be complex across different use cases.
  • Native solutions require elevated privileges.
  • IT admins can spend a lot of time debugging errors, which in turn negatively impacts productivity.

How ADManager Plus serves as a better solution for restoring Entra ID users

ADManager Plus, an identity governance and administration solution with comprehensive Entra ID management and reporting capabilities, simplifies complex admin tasks from a single, user-friendly console:

  • Restore, modify, and block Entra ID users and more using bulk and targeted operations.
  • Manage Entra ID users, contacts, groups, licenses, and other objects with a script-free, centralized console.
  • Reduce human error by automating user provisioning, deprovisioning, and license assignment across various platforms.
  • Delegate Entra ID tasks to technicians without elevating their native privileges.
  • Keep a watchful eye with over 200 prepackaged reports for your Entra ID and Active Directory (AD) environments.
  • Monitor delegated activities through smart workflows.
  • Ensure business continuity with AD, Entra ID, and Google Workspace backups and recovery.

Perform script-free Entra ID management and reporting with ADManager Plus

FAQ

1. Can you recover a deleted user?

Yes, you can recover a deleted Entra ID user, provided that the user has been soft-deleted and is still within the 30-day retention period. After 30 days, the user is hard-deleted (permanently deleted) and cannot be recovered.

2. How do you restore a deleted AD user?

You can restore AD users through PowerShell using the Restore-ADObject cmdlet or through GUI-based tools like Active Directory Administrative Center and ADManager Plus. While both solutions support restoring multiple users, ADManager Plus simplifies bulk recovery with CSV imports, making the process faster and more efficient.

Note that Active Directory Recycle Bin must be enabled before user deletion. If not, recovery requires a full AD backup restoration or the Ldp utility for partial recovery, which often involves resetting the user's password and attributes.

 