Hello, my name is Ian Lindsay. I am a strategic systems consultant for Quest. In this video, I'm going to show you the process for recovering hybrid user accounts that are accidentally deleted from both on-premise and in the Azure Cloud. And a lot of times, when we talk to customers, they'll just say, oh, well, if I just delete a user, I'll go into on-prem, I'll restore them, and I'll have AD Connect take care of it.
Well, if you look at this list, there are a couple of things that we don't get back when we do it that way. So I'm going to show you what happens when we try to do a restore, both using our tool and through native tools. So let's set up this scenario. Our company has decided that when an executive leaves the company, all access needs to be immediately revoked from that user, including both on-premise and in the cloud, and we want to ensure that they can't have access by removing them from the recycle bins.
So we have an automated process that goes through and will remove a user. HR has gone in and entered that one of my executives is leaving. So the script has automatically run and deleted the user. But then they realized that they did that in error. So let's see what happens.
So first, let's look at our user. So this is our user that gets deleted, Diana. As you can see from the organization, she's the chief financial officer. So that's why she's going to be removed immediately. She belongs to a number of groups on-premise. Some of them will give her access on-prem, some of them will give her access to things in the cloud.
So let's look at the cloud side of this particular user. So here's the cloud half of my user for Diana. When I look at her profile, I can see the information that has synced from on-premise, such as that she's the chief financial officer. But I also see some other info here that's in the cloud: her usage location, which is used for licensing. Diana also has a number of roles in the cloud that give her rights to do certain things.
Along with those on-premise groups that she was a member of, she's also a member of some cloud groups too. These will give her access to specific applications or licensing in the cloud. So here's a list of the apps that she has access to, and you can see how she's been granted access to those. She has a number of licenses for things that she can go ahead and utilize. And we have her two-factor authentication information.
So let's see what happens when Diana logs into the systems. So I'm going to go off and connect to our company's Azure portal. So let me log in as Diana. And her password. And we get prompted for multi-factor authentication. So let's enter that information.
So as you can see, Diana has access to a number of applications. Some are cloud applications, such as her Outlook to get her email. And here we can see her email box. Diana is also a member of some teams and has access to Teams. And here's her Teams. And she has access to some internal applications that we utilize on a daily basis.
So let's see what happens when Diana's account is accidentally deleted. This script here will simulate the HR department going ahead and deleting the account. So let's enter the account to be deleted. We'll say yes. And now, the script will take over and delete the account.
OK, our executive has been deleted and removed from the cloud. Now we get the call from the HR department, telling us that this was done in error, and we need to restore. Let's go into the Active Directory administration center. I'll refresh the recycle bin. And there's Diana. Fortunately, she's still in the on-premise recycle bin.
So we'll go ahead in and restore back into the Active Directory. When I refresh the organizational unit, Diana is back in the local directory. Now, we need to get this out to the cloud, so we'll tell AD Connect to go ahead and sync those changes back to the cloud. So now, let's see what happens when we log her back in again.
So let's open up a new browser window, and we'll go to the portal. We first put in her past login account. And then let's enter her password. First thing to notice is we did not get prompted for two-factor authentication. And when we look at the portal, I see some of the apps that she should have access to, but I don't see everything that she should have access to.
So let's look and figure out why. Let's go back and look at Diana back in the portal again. So here's her cloud account. When I look at her profile, I see the on-premise information, that she was a chief financial officer, but I don't see the usage location that was there before. The roles that she was assigned to are no longer there. If I look at the groups, I'm seeing her groups from on-premise, but I'm not seeing all of her cloud groups. So that's probably a problem.
If I look at the applications, some of them are here, but not all of them. There are a couple missing. When I look at her licenses, all of her licenses are also missing. Let's go down to the authentication, and we see that her two-factor authentication information is missing. So there's probably a bunch of things that are wrong here.
So let's go ahead in, and rather than trying to fix all of this, what I'm going to do is I'm just going to start over again, and we'll re-delete Diana. And Diana is deleted again. Now, this time, rather than trying to restore her on-prem