Original KB number: 20804
Source Article on GitHub
Who is it for?
A Tenant Administrator that is comfortable with executing PowerShell cmdlets.
How does it work?
We are going to ask you some specific questions to scope your situation. Then we’ll take you through a series of steps tailored to your scenario.
Estimated time of completion:
30-45 minutes.
Select the current state of the on-premises user account
If there is no Directory Synchronization in the environment, then the Managed Account option should be selected.
If Directory Synchronization is in place, you can search within Active Directory Users and Computers to see if the on-premises account is Present or Deleted.
Azure Active Directory User Account Status (Managed Account (No DirSync))
Connect to Azure Active Directory PowerShell and verify the Online Account Status:
- Install Azure AD Module.
- Open the Microsoft Online Services Module (shortcut from the desktop).
- Run
$cred=Get-Credential
.[!NOTE] When prompted for credentials, type your Microsoft 365 administration account credentials. - Run
Connect-MsolService -Credential $cred
. This cmdlet connects you to Microsoft 365. - Run
Get-MSOLUser -UserPrincipalName <UPN>
.Example: UserPrincipalName: [email protected]
If the user information is returned the user is PRESENT. If the user information is not returned, proceed to step 6. - Run
Get-MSOLUser -UserPrincipalName <UPN>-ReturnDeletedUsers |SELECT-OBJECT
.
If the user information is returned, the user is SOFT DELETED. - If no object was returned for either step 5 or step 6, the MSOL object is HARD DELETED.
Based on the outcome in the steps above, select one of the following:
Exchange Online Mailbox Status (on-premises is Managed Account (No DirSync) and online account status is Present)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
Exchange Online Mailbox Status (on-premises is Managed Account (No DirSync) and online account status is Soft Deleted)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
Exchange Online Mailbox Status (on-premises is Managed Account (No DirSync) and online account status is Hard Deleted)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
AD User Account Deleted, Online Account Present, Online Mailbox Present
Solution:
Contact Microsoft Support
When an Active Directory User object is deleted from on-premises, the deletion will be synchronized to Azure Active Directory. This synchronization process could take up to three hours. If the deletion has not synchronized yet, there may be an issue with the directory synchronization application.
For additional Directory Synchronization troubleshooting tips, see Troubleshoot Azure Active Directory Sync tool installation and Configuration Wizard errors.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD User Account Deleted, Azure AD Account Present, Online Mailbox not present
Solution:
Contact Microsoft Support Due to the way Azure Active Directory Connect and the Online Services work, this should not be a possible scenario. Contact Microsoft Support to get assistance with your issue.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD Account Deleted, Azure AD Account Present (Soft deleted), Online Mailbox Soft Deleted
Solution:
Restore the AD user and run directory synchronization, which will “soft match” the AD user object and the Azure AD object, including reconnecting the “soft deleted” mailbox.
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online PowerShell.
- Restore the onPremise AD User.
- Run a Delta Directory Sync.
- Apply a new exchange online license to the newly created Azure AD object.
- Use the New-MailboxRestoreRequest to merge the content of the soft deleted mailbox to the active mailbox. See an example in the screen capture below::::image type=”content” source=”media/mailbox-recovery-in-exchange-online/new-mailbox-restore-request.png” alt-text=”Screenshot shows an example to use the New-MailboxRestoreRequest command.” border=”false” lightbox=”media/mailbox-recovery-in-exchange-online/new-mailbox-restore-request.png”:::
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD User Account Deleted, Azure AD Account Hard Deleted, Online Mailbox Present
Solution:
Recreate the user and restore the data from the original mailbox.
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell.
- Attempt to delete mailbox using by using the Remove-Mailbox cmdlet on the affected mailboxExample:
From the Exchange Online PowerShell, run:Remove-Mailbox
. - If step 2 fails, skip to step 8.
- Restore the on-premises AD User.
- Run a Delta Directory Sync.
- Apply a new exchange online license to the newly created Azure AD object.
- Use the New-MailboxRestoreRequest to merge the content of the soft deleted mailbox to the active mailbox. See an example in the screen capture below::::image type=”content” source=”media/mailbox-recovery-in-exchange-online/new-mailbox-restore-request.png” alt-text=”Screenshot shows an example of using the New-MailboxRestoreRequest command.” border=”false” lightbox=”media/mailbox-recovery-in-exchange-online/new-mailbox-restore-request.png”:::
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD User Account Deleted, Azure AD Account Hard Deleted, Online Mailbox Not present
Solution:
By Design
This situation is expected behavior if the customer deleted the on-premises object 30+ days ago. The mailbox is not recoverable at this point.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD User Account Deleted, Azure AD Account Hard Deleted, Online Mailbox Soft Deleted
Solution:
Restore Inactive mailbox and perform a soft match.
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online remote PowerShell.
- Connect the Soft Deleted Mailbox to a new Azure AD Account with the steps below:
- If the tenant IS NOT using SSO (Single Sign-On), run the cmdlet:
New-Mailbox -Name "UserName" -InactiveMailbox -MicrosoftOnlineServicesID [email protected] -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText –Force)
- If the tenant IS using ADFS (Identity Federation), run the cmdlet:
New-Mailbox -Name "UserName" -InactiveMailbox -MicrosoftOnlineServicesID [email protected] -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText –Force)
- If the tenant IS NOT using SSO (Single Sign-On), run the cmdlet:
- Restore or create a new On-premises AD user. Ensure that the on-premises account’s Primary SMTP Address matches the Primary SMTP Address of the Microsoft 365 object. Change the on-premises object’s address to match if it does not.
- Using Azure Active Directory Connect to run a Directory synchronization will soft match the on-premises account with the new Azure AD account.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD User Account Deleted, Azure AD Account Soft Deleted, Online Mailbox Present
Solution:
If the Account is soft deleted the mailbox should not be present. However, we will take you through the steps to attempt to recreate the user and reconnect them to the original mailbox.
To identify duplicates, run the following:
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online PowerShell.
- Run
Get-msoluser -returndeletedusers -userprincipalname [email protected] |Select-Object ObjectID
. - Run
Get-mailbox [email protected] |Select-Object ExternalDirectoryObjectID, UserPrincipalName
.- If the Object IDs match from step 2 and 3, then follow continue to step 4.
- If the Objects ID’s do not match from step 2 and 3, contact Microsoft support.
- Create a new On-premises AD user and ensure that the on-premises accounts Primary SMTP Address matches the Primary SMTP Address of the Microsoft 365 object.
- Ensure the UPN of the AD user object matches what was returned in step 3.
- Wait three hours for the account to replicate to the Online services.
- If the Mailbox did not reconnect, contact Microsoft Support.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD User Account Deleted, Azure AD Account Soft Deleted, Online Mailbox Not Present
Solution:
Contact Microsoft Support
Due to the way Azure AD Connect and the Online Services work, this should not be a possible scenario. Contact Microsoft Support to get assistance with your issue.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
AD Account Deleted, Online Account Soft Deleted, Online Mailbox Soft Deleted
Solution:
Restore the on-premises Account.
This best way to address the issue you are facing is to restore the original on-premises Active Directory User Account. After the restore, the exchange online mailbox will be accessible again.
- Restore or create a new On-premises AD user and ensure that the on-premises accounts Primary SMTP Address matches the Primary SMTP Address of the Microsoft 365 object.
- Ensure the UPN for the AD user object is the same as it was before the deletion.
- Wait three hours for the account to replicate to the Online services.
- If the Mailbox did not reconnect, contact Microsoft Support.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Azure Active Directory User Account Status (User Account is present on-premises)
Connect to Azure Active Directory PowerShell and verify the Online Account Status:
- Install Azure AD Module.
- Open the Microsoft Online Services Module (shortcut from the desktop).
- Run
$cred=Get-Credential
.[!NOTE] When prompted for credentials, type your Microsoft 365 administration account credentials. - Run
Connect-MsolService -Credential $cred
. This cmdlet connects you to Microsoft 365. - Run
Get-MSOLUser -UserPrincipalName <UPN>
.Example: UserPrincipalName: [email protected]
If the user information is returned the user is PRESENT. If the user information is not returned, proceed to step 6. - Run
Get-MSOLUser -UserPrincipalName <UPN>-ReturnDeletedUsers |SELECT-OBJECT
.
If the user information is returned, the user is SOFT DELETED. - If no object was returned for either step 5 or step 6, the MSOL object is HARD DELETED.
Based on the outcome in the steps above, select one of the following:
Exchange Online Mailbox Status (on-premises user account is Present and Azure Active Directory user account is Present)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
Exchange Online Mailbox Status (on-premises user account is Present and Azure Active Directory user account is Soft Deleted)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
Exchange Online Mailbox Status (on-premises user account is Present and Azure Active Directory user account is Hard Deleted)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
Azure AD Account Present, Exchange Online Mailbox Present
Solution:
Service is functioning normally.
This is the expected behavior of the Exchange Online Services.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Azure AD Account Present, Exchange Online Mailbox Soft Deleted
Solution:
Follow the steps below to recover the mailbox.
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online PowerShell.
- Run
Get-Mailbox -Softdeletedmailbox [email protected] |Select-Object ExternalDirectoryObjectID
. - Run
Get-Msoluser -ObjectID
. - Check if the
ExternalDirectoryObjectID
values from step 2 and step 3 match. - If they do, soft-delete the Azure AD user by running
Remove-Msoluser -Userprincipalname [email protected]
.- Run
$DelUser = Get-MsolUser -UserPrincipalName [email protected] -ReturnDeletedUsers
. Restore-MsolUser -ObjectId $DelUser.ObjectId
.
- Run
- After 5 minutes, restore the Azure AD user using the steps below.
- If the
ExternalDirectoryObjectID
values from step 2 and step 3 do not match, it means there is a duplicate Azure AD user. Contact support.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Azure AD Account Present, Exchange Online Mailbox Not present (Purged)
Solution:
This issue is often caused by having an unlicensed user account.
- Log in to the Microsoft 365 portal at https://portal.office.com and check the user’s license status.
- Check to see if the user has a valid license. If user doesn’t have a valid license, apply an Exchange Online License.
- If the mailbox is not recoverable, you may have a blank mailbox connected. While it is unlikely that we can recover your data you can call into support.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Azure AD Account Soft Deleted, Exchange Online Mailbox Present
Solution:
This behavior is by design, if the Azure AD user is deleted, the mailbox associated with it will get to a soft-deleted state. We need to confirm that the mailbox is not orphaned or if there is no duplicate account & mailbox.
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online PowerShell.
- Run
get-mailbox -identity [email protected] |Select-Object ExternalDirectoryObjectID
. - Run
get-msoluser -objectID < specify ExternalDirectoryObjectID from step 2> -returnDeletedUsers |select-object
. - Confirm that the MSOLUser is returned from step 3 and then, simply restore the deleted MSOL user back to an Active user using the steps below:
- Run
$DelUser = Get-MsolUser -UserPrincipalName [email protected] -ReturnDeletedUsers
. - Run
Restore-MsolUser -ObjectId $DelUser.ObjectId
.
- Run
- Log in to the mailbox using the
UserPrincipalName
and verify you are able to access the mailbox.
[!NOTE] If step 2 & 3 don’t yield any results, there may be a duplicate Azure AD object or this mailbox is orphaned. Contact support to resolve the issue.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Online Account Soft Deleted, Online Mailbox Soft Deleted
Solution:
Synchronize the user account to allow the mailbox to automatically reconnect to the user.
- Using the on-premises Active Directory Users and Computers, move the user to an Organizational Unit that is not filtered in directory synchronization.
- Force delta synchronization.
- After synchronization is complete, confirm that the user is present in Azure AD (through O365 admin center > Active users). The mailbox will get reconnected to the Azure AD user automatically.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Online Account Soft Deleted, Online Mailbox is not present (Purged)
Solution:
Follow the steps below to review the license status of the user. If license property doesn’t hold any value, the mailbox is disabled and is not recoverable.
- Connect to Azure AD PowerShell.
- Check License on the object using:
get-msoluser -userprincipalname [email protected] |Select-object Licenses
- If license property doesn’t hold any value, the mailbox is not recoverable.
- Using the on-premises Active Directory Users and Computers, move the user to an Organizational Unit that is not filtered in directory synchronization.
- Run a Delta Directory synchronization.
- Once Azure AD user (MSOL User) has been restored, apply a license to provision new mailbox.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Azure AD Account Hard Deleted, Online Mailbox Present
Solution:
Contact Microsoft Support
This scenario should not be possible because of the way Exchange Online Account provisioning in Microsoft 365 works. It would be best to contact Microsoft Support so we can assist in working out the best solution for this issue.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Azure AD Account Hard Deleted, Exchange Online Mailbox Soft Deleted
Solution:
- Connect to Azure AD PowerShell. In the same PowerShell window, connect to Exchange Online PowerShell.
- Next, determine the state of the soft-deleted mailbox.Run
Get-mailbox –softdeletedmailbox –identity "<UserPrincipalName of the user>" |select-object IsInactiveMailbox
. - Based on the value of
IsInactiveMailbox
, take the appropriate steps:IfIsInactiveMailbox
is True:- Run
Get-Mailbox "<UserPrincipalName of the user>" -softdeletedmailbox| Select Name, DisplayName, MicrosoftOnlineServicesID, ExchangeGuid
. - Run
New-Mailbox -Name "<Name from Step 2>" -inactivemailbox "<ExchangeGuid from Step 2>" -MicrosoftOnlineServicesID "<MicrosoftOnlineServicesID from Step 2>" -Password (ConvertTo-SecureString -String 'Pa##w0rd goes here' -AsPlainText -Force)
. - Using the on-premises Active Directory Users and Computers, move the user to an Organizational Unit that is not filtered in directory synchronization.
IsInactiveMailbox
is False:- Run
Undo-SoftDeletedMailbox [email protected] -WindowsLiveID [email protected] -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
. - Connect to Azure AD PowerShell.
- Run
get-msoluser -userprincipalname [email protected]
. - Once you verified that the MSOLUser is returned in the previous step to force a delta sync from on-premises Active Directory. It will soft-match to the user in Azure Active Directory.
- Run
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Azure AD account Hard Deleted, Exchange Online Mailbox not present (Purged)
Solution:
Mailbox might have been removed (outside the 30-day retention period) and hence cannot be recovered.
Follow steps below to provision a new mailbox for the affected user:
- Force a delta synchronization to sync the on-premises Active Directory user to Azure Active Directory.
- If in an Exchange Hybrid environment
- Provision an Exchange Online mailbox for the user by running
Enable-RemoteMailbox "UserName" -RemoteRoutingAddress "[email protected]"
. - Assign an Exchange online license to the user through the Microsoft 365 portal.
- Provision an Exchange Online mailbox for the user by running
- If not in an Exchange Hybrid environment, simply assign the Exchange Online License for the user.
- If your issue is resolved, congratulations! Your scenario is complete.
- If your issue isn’t resolved, see Additional Resources.
Online Account Present, Online Mailbox Present
Solution:
Service is functioning normally.
This is the expected behavior of the Exchange Online Services.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue wasn’t solved, see Additional Resources.
Online Account Present, Online Mailbox Soft-Deleted
Solution:
- Log in to Exchange Online PowerShell.
- Recover the soft-deleted mailbox using the command below.Run
Undo- SoftDeletedMailbox [email protected] -WindowsLiveID [email protected] -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
.For more information, see Undo-SoftDeletedMailbox. - Log in to the Microsoft 365 portal and check the user’s license status. If user doesn’t have a valid license, apply the Exchange online license.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Azure AD Account Present, Online Mailbox Not Present
Solution:
The original mailbox is not recoverable. Assign a license to the user to create a new mailbox.
- Log in to the Microsoft 365 portal as the tenant Administrator.
- Assign the Exchange Online License for the user.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Azure AD Account soft-deleted, Online Mailbox Present
Solution:
Contact Microsoft Support
Because of the way Exchange Online Account provisioning in Microsoft 365 works, this should not be possible. It would be best to contact Microsoft Support to assist in working out the best solution for this issue.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Azure AD account soft-deleted, Exchange Online Mailbox not present
Solution:
Mailbox might have been completely purged (outside the 30-day period) and hence cannot be recovered. Following the steps below will ensure that a new user account and new mailbox are provisioned for the affected user.
- Log in to Microsoft 365 portal.
- Create a new user account for the affected user.
- Assign the Exchange Online License for the user.
[!NOTE] Any old data will not be present in this new mailbox.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Azure AD Account soft-deleted, Exchange Online Mailbox Soft Deleted
Solution:
Follow steps below to recover the mailbox.
- Connect to Azure AD PowerShell.
- Restore the Azure AD user using the steps below:
- Run
$DelUser = Get-MsolUser -UserPrincipalName [email protected] -ReturnDeletedUsers
. Restore-MsolUser -ObjectId $DelUser.ObjectId
- Run
- Log into Microsoft 365 portal and assign the Exchange Online License for the user.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Azure AD Account Hard Deleted, Online Mailbox Present (Hard Deleted)
Solution:
Contact Microsoft Support
Because of the way Exchange Online Account provisioning in Microsoft 365 works, this should not be possible. It would be best to contact Microsoft Support to assist in working out the best solution for this issue.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Online Account Hard Deleted, Online Mailbox soft-deleted
Solution:
Follow steps below to recover the mailbox.
- Connect to Exchange Online PowerShell.
- We need to determine the state of the soft-deleted mailbox.Run
Get-mailbox –softdeletedmailbox –identity "<UserPrincipalName of the user>" |select-object IsInactiveMailbox
. - Based on the value of
IsInactiveMailbox
, take the appropriate steps:IfIsInactiveMailbox
is True:- Run
Get-Mailbox "<UserPrincipalName of the user>" -softdeletedmailbox| Select Name, DisplayName, MicrosoftOnlineServicesID, ExchangeGuid
. - Run
New-Mailbox -Name "<Name from Step 2>" -inactivemailbox "<ExchangeGuid from Step 2>" -MicrosoftOnlineServicesID "<MicrosoftOnlineServicesID from Step 2>" -Password (ConvertTo-SecureString -String 'Pa##w0rd goes here' -AsPlainText -Force)
.
IsInactiveMailbox
is False:- Run
Undo-SoftDeletedMailbox [email protected] -WindowsLiveID [email protected] -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)
. - Connect to Azure AD PowerShell.
- Run
get-msoluser -userprincipalname [email protected]
.
- Run
- Log into Microsoft 365 portal and assign the Exchange Online License for the user.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Online Account hard deleted, Online Mailbox Not Present
Solution:
Mailbox is not recoverable. Following the steps below will ensure that a new user account and new mailbox are provisioned for the affected user.
- Log in to Microsoft 365 portal.
- Create a new user account for the affected user.
- Assign the Exchange Online License for the user.
[!NOTE] Any old data will not be present in this new mailbox.
- If your issue is solved, congratulations! Your scenario is complete.
- If your issue isn’t solved, see Additional Resources.
Additional Resources
Sorry, we couldn’t resolve your issue with this guide, use the resources below to continue troubleshooting. Visit the Microsoft 365 Community for self-help support. Do one of the following:
- Use search to find a solution to your issue.
- Sign in with your Microsoft 365 admin credentials, and then post a question to the community.
Azure Active Directory User Account Status (User Account deleted on-premises)
Connect to Azure Active Directory PowerShell and verify the Online Account Status
- Install Azure AD Module.
- Open the Microsoft Online Services Module (shortcut from the desktop).
- Run
$cred=Get-Credential
.[!NOTE] When prompted for credentials, type your Microsoft 365 administration account credentials. - Run
Connect-MsolService -Credential $cred
. This cmdlet connects you to Microsoft 365. - Run
Get-MSOLUser -UserPrincipalName <UPN>
.Example: UserPrincipalName: [email protected]
If the user information is returned the user is PRESENT. If the user information is not returned, proceed to step 6. - Run
Get-MSOLUser -UserPrincipalName <UPN>-ReturnDeletedUsers |SELECT-OBJECT
.
If the user information is returned, the user is SOFT DELETED. - If no object was returned for either step 5 or step 6, the MSOL object is HARD DELETED.
Based on the outcome in the steps above, select one of the following:
Exchange Online Mailbox Status (on-premises user account is Deleted and Azure Active Directory user account is Present)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
Exchange Online Mailbox Status (on-premises user account is Deleted and Azure Active Directory user account is Soft Deleted)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.
Exchange Online Mailbox Status (on-premises user account is Deleted and Azure Active Directory user account is Hard Deleted)
Connect to Exchange Online PowerShell and verify the status of the Exchange Online Mailbox using the instructions below:
- Ensure the Exchange Online PowerShell module is installed.
- Connect to Exchange Online by running the command:Connect-ExchangeOnlineWhen prompted, enter the credentials for your Microsoft 365 admin account. If the account has multifactor authentication (MFA) enabled, you’ll also need to enter a security code.
- Run
Get-Mailbox -Identity <user Alias>
.
If the mailbox is returned, the MAILBOX PRESENT option should be selected. If not, go to step 4. - Run
Get-Mailbox -SoftDeletedMailbox -identity <user Alias>
.
If the mailbox is returned, the MAILBOX SOFT DELETED option should be selected. If not, go to step 5. - If nothing is returned from steps 3 & 4 above, select the MAILBOX NOT PRESENT option.