Last Update: Sep 04, 2024 | Published: Mar 29, 2017
The ability to recover deleted Office 365 Groups has been awaited for many months. Microsoft promised the feature by the end of 2016 at the Ignite conference in September 2016 but precious little has appeared since. That is, until the release of version 2.0.0.98 of the Azure Active Directory PowerShell module on March 28. This module includes the cmdlets necessary to recover deleted groups. Documentation for the cmdlets will soon be available along with that for the other cmdlets in the module.
The feature is listed in the “Rolling Out” section of the Office 365 Roadmap as “Recover deleted Office 365 Groups via PowerShell” (ID 72284). However, it has not shown up yet in the Office 365 Message Center.
For some, the bad news is that recovery is only possible using PowerShell. You could also say that the cmdlets are in a preview version of the Azure Active Directory PowerShell module and that many tenants have not yet moved over from the older V1 module because of the way that cmdlet names and parameters have changed. No one, after all, likes to have to rewrite code.
However, the fact is that Microsoft has deprecated the older V1 module and all further development will occur for the V2 module. Indeed, Microsoft has built out the cmdlet set over the last few months to a point where it is possible to translate older V1 cmdlets to their V2 counterparts with less pain than before. Of course, testing is still essential and is another factor to consider.
To be fair to Microsoft, figuring out all the bits that need to be reconnected to recover a group has become more complex as Office 365 Groups matured from an application to become an identity and membership service for other applications. Putting together a fully-built out group that is team-enabled, has several plans, hundreds of conversations in a mailbox, and a large SharePoint team site is not a task that you want to get wrong. In that respect, delaying the release of the recovery feature is understandable.
The good news is that the process of recovering a deleted Office 365 Group is simple and straightforward. The basic concept is that deleted groups stay in a soft-deleted state for 30 days after a tenant administrator or group owner removes them. During this period, a group can be recovered. After the period lapses. Office 365 permanently removes all the group resources. The group is then irrecoverable.
First, look for deleted groups with the Get-AzureADMSDeletedGroup cmdlet
[PS] C:> Get-AzureADMSDeletedGroup
The most important item returned for each group is its object identifier because this is used to reference the group in other commands. You can store an object identifier in a variable to make it easier to use.
[PS] C:> $RecoveryGroup = (Get-AzureADMSDeletedGroup -SearchString "My Group").Id
Once we have the object identifier for a soft-deleted group, we can restore it in a single command using the Restore-AzureADMSDeletedDirectoryObject cmdlet.
[PS] C:> Restore-AzureADMSDeletedDirectoryObject -Id $RecoveryGroup
Soon afterwards, the Azure Active Directory object reappears. You can check it as follows:
[PS] C:> Get-AzureADGroup -ObjectID $RecoveryGroup
Figure 1 shows the sequence of commands run to recover a deleted group.
If you need to purge a soft-deleted group and permanently remove its contents from Office 365, run the Remove-AzureADMSDeletedDirectoryObject cmdlet and pass the object identifier for the group to purge. Oddly, the cmdlet does not ask you to confirm this operation!
[PS] C:> Remove- AzureADMSDeletedDirectoryObject -Id $RecoveryGroup
As the documentation for the feature states, in some cases, “it can take as long as 24 hours to completely restore”. In running several tests, I found that restoration took just a few minutes for a “regular” group. In other words, a group that was unconnected to Planner and/or Teams. Restoration took longer when these applications were introduced into the mix (30 hours in one case). This probably reflects the added complexity of directory synchronization and the need to recover data from the Azure data services used by these applications.
When checking a restored group, make sure to clear your browser cache to remove any references to the group and force the browser to reload everything. I found that this is especially necessary to see the complete data for plans and teams.
Naturally, if you have an Office 365 connector configured for a team or group, the connector will not receive data while the group is in a deleted state or during the recovery process. In other words, if you make a mistake and delete a group and then recover it, you will miss the data that the connector would have captured while the group is offline.
Like any operation to recover data, tenants will doubtless want to do their own testing to check that Office 365 Groups can be recovered smoothly and to integrate this process into their help desk and support procedures.
Microsoft launched Office 365 Groups in November 2014. The need for a recovery capability was identified soon afterwards, especially for large enterprises who are underimpressed that an administrative slipup can remove information in an irrecoverable manner. This removes a roadblock that has prevented some tenants even considering the deployment of Office 365 Groups. It’s a big thing for them.
For the last two and a half years, we have survived with hard-deleting irrecoverable groups. It is a very positive development that Microsoft has finally provided the ability to recover Office 365 Groups, whether or not they are removed accidentally!
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle