Problems restoring user in Hybrid AD

Ken Graser
My network is using a Hybrid AD set up using both a local AD and an AZURE AD.  
I had a user quit about 15 days ago and I deleted the user in the local AD and when the AD's synced everything was fine. The user showed up in deleted users etc.

Now 15 days later the person is coming back and they want all of the emails back.  
I know that I have 30 days to recover a user's profile and emails, so I didn't think this would be a problem.
However, after I recovered the user in the AZURE AD, she shows up in active users, I don't have the user in the local AD.
I added the user to the local AD using the same user name and password.  Now when the AD synced I get a directory sync error.  There is a new user in the AZURE AD with the same name with a number assigned i.e.  
If I delete the user from the local AD, I can't log in to the domain.

I'm not sure if I should have added the user back into the local AD first or what.
Any Ideas on how to get myself out of the problem would be appreciated.

Yes, you should have recovered the user account from the AD recycle bin first. Since you provisioned a new user object, with a new objectID, it will not match against the cloud account.

If you can, recover the AD account. If not, clear the ImmutableID attribute of the cloud account, then use the soft-match mechanism to link the two together:
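The two recovery paths described above, as an added PowerShell example that is not part of the thread. It assumes an on-prem sAMAccountName of jdoe with UPN jdoe@contoso.com, that the AD Recycle Bin is enabled, that the ActiveDirectory, MSOnline and ADSync modules are available on the machine it runs on, and a placeholder UPN for the numbered duplicate the sync created.

```powershell
# Added example, not code from the thread. Assumed values: sAMAccountName 'jdoe',
# UPN 'jdoe@contoso.com', and a placeholder UPN for the numbered duplicate user.
$Sam = 'jdoe'
$Upn = 'jdoe@contoso.com'

# --- Path 1 (preferred): restore the original on-prem object from the Recycle Bin ---
# The re-created account has a new objectGUID, so it can never match the cloud
# object. Remove it first; otherwise the restore fails on the sAMAccountName/UPN
# conflict (constraint violation).
$dupe = Get-ADUser -Filter "SamAccountName -eq '$Sam'" -ErrorAction SilentlyContinue
if ($dupe) { Remove-ADUser -Identity $dupe -Confirm:$false }

# Deleted objects keep their attributes while in the Recycle Bin; find the
# original by sAMAccountName and restore it, objectGUID included, so the
# sourceAnchor once again matches the ImmutableId of the restored cloud user.
$deleted = Get-ADObject -Filter "isDeleted -eq `$true -and SamAccountName -eq '$Sam'" `
    -IncludeDeletedObjects
if ($deleted) {
    Restore-ADObject -Identity $deleted.ObjectGUID
    Start-ADSyncSyncCycle -PolicyType Delta
}

# --- Path 2 (no Recycle Bin): soft-match the new on-prem object to the cloud user ---
if (-not $deleted) {
    Connect-MsolService
    # The numbered duplicate that sync created must go, including from the cloud
    # recycle bin, or soft match has two candidates with the same SMTP address.
    $dupUpn = 'jdoe123@contoso.com'   # placeholder: the actual suffixed UPN
    Remove-MsolUser -UserPrincipalName $dupUpn -Force
    Remove-MsolUser -UserPrincipalName $dupUpn -RemoveFromRecycleBin -Force
    # Clear the stale ImmutableId (the old objectGUID) so the cloud object is
    # eligible for soft match on UPN / primary SMTP address. The literal string
    # "$null" is what the cmdlet expects.
    Set-MsolUser -UserPrincipalName $Upn -ImmutableId "$null"
    Start-ADSyncSyncCycle -PolicyType Delta
}

# Verify: after the sync the cloud ImmutableId must equal the base64 form of the
# on-prem objectGUID; if it does not, the objects are still not linked.
$guidB64 = [Convert]::ToBase64String((Get-ADUser -Identity $Sam).ObjectGUID.ToByteArray())
$cloud   = Get-MsolUser -UserPrincipalName $Upn
"On-prem objectGUID (base64): $guidB64"
"Cloud ImmutableId:           $($cloud.ImmutableId)"
if ($cloud.ImmutableId -ne $guidB64) { Write-Warning 'Accounts are not linked yet' }
```

Run the verification part again after the delta sync has finished; a mismatch means the sync has not processed the object yet or a duplicate still exists.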
Ken Graser, IT Manager

Thanks for this.  It did the trick.  

