- Mastering Office 365 Administration
- Thomas Carpe, Nikkia Carter, Alara Rogers
- 2021-06-25 22:09:23
The user recycle bin
It's important to understand what happens behind the scenes when a user is deleted from Azure AD. Failure to properly control this process can result in the permanent loss of a user's mailbox or other important data.
First, when a user is deleted, the account does not disappear. It is moved to the user recycle bin. These users can be restored to active status at any time.
If no other action is taken, deleted accounts will remain in the recycle bin for up to 30 days. However, it is possible for you to permanently delete them. It is also possible that the account may be permanently deleted if a new account with the same username is created. (Those using AD Connect should pay special attention to this second possibility, since AD Connect may recreate an account if it's found in the local directory after being deleted in the cloud.)
Here's a quick tip on what not to do:
Get-MsolUser -All | Remove-MsolUser -Force
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin
Why this is a bad idea is (at least) a three-part answer. Please post your answers in essay form to the Office 365 user voice forum or using an Office 365 support ticket.
If you choose to test the preceding commands, do not do this on your production tenant; use a free trial account to see what will happen. It will not be pretty. Spoiler alert: if you do this, or anything like it, chances are very good that Microsoft will not be able to help you recover mailboxes or other user data. If you're very fortunate, you might have a Microsoft partner with delegated access who can help you regain access to your tenant after all its users have been deleted.
Best practice: There is almost never a justifiable reason to empty the end user recycle bin. If you must get rid of a user in the recycle bin, do so one user at a time and with great care.
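As an added example (not from the book), here is the defensive counterpart to the commands above: inventory the recycle bin with the days left in the 30-day window, then restore exactly one user by name, handling the case where the username has already been reused (for instance, recreated by AD Connect). It assumes the MSOnline module the book uses and an existing Connect-MsolService session; the function name and the "-recovered" suffix are this example's own choices.

```powershell
# Added example, not from the book. Assumes the MSOnline module and a Connect-MsolService session.
$RetentionDays = 30   # recycle-bin retention window described above

# 1. Inventory: every soft-deleted user with the time left before permanent deletion.
function Get-RecycleBinReport {
    Get-MsolUser -ReturnDeletedUsers -All |
        Select-Object UserPrincipalName, DisplayName, SoftDeletionTimestamp,
            @{ Name = 'DaysRemaining'
               Expression = { [math]::Max(0, $RetentionDays - ((Get-Date) - $_.SoftDeletionTimestamp).Days) } } |
        Sort-Object DaysRemaining
}

# 2. Restore one deliberately chosen user, never a pipeline of all of them.
function Restore-DeletedUserSafely {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )
    # Search the recycle bin, then filter to an exact UPN match (SearchString is a prefix match).
    $target = Get-MsolUser -ReturnDeletedUsers -SearchString $UserPrincipalName |
        Where-Object UserPrincipalName -eq $UserPrincipalName
    if (-not $target) {
        throw "No soft-deleted user with UPN $UserPrincipalName; nothing to restore."
    }
    # If an active account now owns this UPN (e.g. recreated by AD Connect), an in-place
    # restore would conflict, so restore under a new UPN and let proxy addresses reconcile.
    $active = Get-MsolUser -SearchString $UserPrincipalName |
        Where-Object UserPrincipalName -eq $UserPrincipalName
    if ($active) {
        $recovered = $UserPrincipalName -replace '@', '-recovered@'
        Write-Warning "Active user $UserPrincipalName exists; restoring as $recovered instead."
        Restore-MsolUser -UserPrincipalName $UserPrincipalName `
            -NewUserPrincipalName $recovered -AutoReconcileProxyConflicts
    }
    else {
        Restore-MsolUser -UserPrincipalName $UserPrincipalName
    }
}

# Usage: review the report first, then restore a single named user.
Get-RecycleBinReport | Format-Table -AutoSize
# Restore-DeletedUserSafely -UserPrincipalName 'jane.doe@contoso.example'   # constructed placeholder UPN
```

Users with DaysRemaining at 0 are at the end of the window and should be restored or deliberately released first; everything else can wait for a considered decision.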