A big announcement yesterday and this is something our customers have really been waiting for – the ability to recover deleted Groups, and with them any other deleted group related content that was deleted along with the group. The support article that outlines this can be found at https://support.office.com/en-us/article/Restore-a-deleted-Office-365-Group-b7c66b59-657a-4e1a-8aa0-8163b1f4eb54?ui=en-US&rs=en-US&ad=US and you also need to be running the AzureAD PowerShell v2 Preview module to get this working. That can be installed in PowerShell following the instructions at https://docs.microsoft.com/en-us/powershell/azuread/. I think there is also a PowerShell version requirement – but works fine on my Windows 10 laptop.
The reason our customers (and I work with Planner – so am looking at ‘our customers’ being the ones using Planner) usually lose Plans is that someone (IT admin?) sees the Group and does not recognize it and so deletes it. The warning message when you delete it probably could be better – but along with the Group you also lose the Plan and SharePoint site that holds some of the other Group/Plan content. I’ll walk through the scenario – right from installing the Azure module, deleting a Group – see what goes away – and then recovering.
First the Azure module. If you open PowerShell as an admin (I usually use the ISE) then following the 2nd link above it tells you to look at https://docs.microsoft.com/en-us/powershell/azuread/ for the V2 Preview Release (220.127.116.11 as I write this) and you will need to run:
Install-Module –Name AzureADPreview
This might prompt you to install the NuGet provider – if it does then just follow those instructions first. It prompted me – so I replied Yes.
The next prompt will likely be telling you that you are installing from an untrusted repository – I decided that I did trust the repository and responded Yes at the following prompt.
If you have installed a previous version of the preview – it may tell you that you need to use the –Force option – in my case on one of my machines I had used an earlier preview – but not on this particular machine – so I was good to go.
To run any Azure commands you need to log in to Azure – so the first command is Connect-AzureAD – which will throw up a prompt and you can log in to your Office 365 tenant.
OK, now to the fun part. I have a Plan – that has a Group and a SharePoint site.
And from the Group view I can select Edit Group – then Delete Group (You might also delete via PowerShell or the AD Portal).
I check the box – and the Group is gone. So too the Plan. You might see ‘Can’t get the Group data’ just after deletion if you browse to the plan – then finally once it has gone you get an ‘Oops, something went wrong…”
The SharePoint takes a little longer from what I have seen, – and eventually you’ll get a 403 if you try and navigate directly to it. Same with the mailbox too – in fact I stopped waiting for that to go away just so I could get on with this blog (I assume it would finally be gone).
So now I have a deleted Group – or rather what we term a ‘soft deleted’ Group – as I can still recover it.
If I follow the support document listed at the top of this blog I can look for the deleted Group – and recover it, by using
Get-AzureADMSDeletedGroup – to get the Id – and then
Restore-AzureADMSDeletedDirectoryObject –Id <objectId> to recover the information
Once the script runs it does take a little while to recover everything – best to give it a while to get everything straight – as I have seen some odd but expected behavior if you try and go in before everything is restored. For example if the SharePoint recovery isn’t complete you won’t see the attachments – and the checklists seemed to also not come back as quickly. If you do see any behavior like this then generally a fresh browser or clearing the cache in your browser will get everything working (Once all the data is returned). I did see when preparing this blog and using the same browser session that I didn’t see my attachments and also my new bucket was not present and all tasks were in the To Do bucket. Going to a InPrivate/Incognito window for the browser showed me the expected fully recovered plan.
Obviously I could just use my previous screenshots to show that the recovery worked - but I didn’t – here is a view of the Notebook – freshly recovered:
And the answer to that question is a resounding YES!
We do also mention that although restore generally takes a few minutes it can at times take as long as 24 hours. Get-AzureADGroup –ObjectId <objectId> will confirm if the Group is back.
The recovery is only available for 30 days from the time of deletion – and also this is only suitable for complete recovery of a deleted Group/Plan – we don’t have any capabilities to recover a deleted task or bucket from your plan – and no Point In Time Recovery options for Groups/Plans.
For more details of other AzureAD changes that came along with these new commands please see the PowerShell Gallery link above – and also the recent article from Rob de Jong and Curtis Love - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-settings-cmdlets. I’ll be refreshing some of my earlier blog posts on Planner around the new commands for Group creation control.