How to restore Users from Entra ID backup

Step 1. Sign into the backup portal

Open your web browser and go to the following address: https://shield-cloud.nexetic.com/
Select Sign in with Microsoft 365. Insert your Microsoft 365 admin credentials for the tenant you want to restore data from.

entraid-signin-new.png

Resellers can also sign in via Nexetic Portal.

Step 2. Select Backup for Entra ID

EntraID-select-menu.png

Click the icon in the top-left corner of the page and select Backup for Entra ID.

 

Step 3. Select the Users page

Click Users in the top navigation. You can see the list of all user accounts that have been backed up from the Entra ID tenant.

entraid-users-view.png

Step 4. Locate the user(s)

You can sort the users by their Name, Object id or Last modification date. You can also filter the users by typing any part of the user's name or Object Id in the Search box.

entraid-users-search2.png

Step 5. Select the users

You can restore all users, selected users or just a single user. When you click any user's name, you can view attributes, group memberships and role assignments that have been backed up from the selected user. Check Step 6 of this support article for more info about checking user's details.

OPTION A: Select all users

You can select all users to be restored at once by checking the box in the top-left corner of the user grid. All users in the Entra ID tenant get selected - not just the ones displayed on the current page.

Click the Restore selected button.

Next proceed to Step 7 of this support article to see how to select the restore options.

entraid-users-restore-all.png


OPTION B: Select multiple users

Select single users to be restored by checking the boxes next to each user's name.

Click the Restore selected button.

Next proceed to Step 7 of this support article to see how to select the restore options.

entraid-users-restore-selected.png

OPTION C: Select and view attributes for a single user

You may want to see more details for a user, such as user's group memberships and admin role assignments. Sometimes it may also be helpful to view and compare the object versions between different dates.

Review Step 6. below to learn more.


Step 6. View the user attributes and versions

Select the user by clicking the user's name. You can see all the attributes that exist for the selected user. 

The latest version from backup is always displayed by default. You can click the arrows to browse the different time points / version dates for the object. The version from the selected time point is always displayed. Red font indicates a changed value for that attribute; i.e. object attributes marked with red font are changed in this version from the previous version.entraid-faq-redfont.png

If you already know which date's version you want to restore, you can proceed by clicking Restore this version.

There are two links: View memberships and View role assignments. From there you can see the groups where the user belongs to, as well as the role assignments that the user has.

entraid-user-data.png

Step 6.1. View group memberships

By clicking View memberships, you can see the groups where the user belongs to. You can also filter the Membership list view by date and time. You can select any day and time from the calendar to view the version of the selected time point. If the Membership list is empty, the user didn't belong to any groups at the selected time.

Changes to the memberships are recorded in Membership log. From there you can detect the timing of the changes, which will help you to choose the correct version date & time from the calendar.

You can proceed to start the restoration by clicking Restore this version.

entraid-memberships.png

Step 6.2. View role assignments

By clicking View role assignments, you can see the role assignments that the user has been granted. You can select any day and time from the calendar to view the version of the selected time point.

Changes to the role assignments are recorded in Role assignments log.

You can proceed to start the restoration from this window, too, by clicking Restore this version.

entraid-role-assignments.png

Step 7. Select restore options

Select the snapshot date & time from the calendar. You can still change the date & time even if you already chose them on any of the previous screens whilst viewing a single user.

Make your choices for the following options:

  • To restore a user with it's attributes, current name and Object ID, choose With object. If the user doesn't exist in Entra ID, it will be recreated. If the user already exists in Entra ID, the existing user will be overwritten.
    • If you don't select 'With object', you can still restore memberships and role assignments to the already existing user.
  • If you select As new, a new user with a new Object ID is created during the restore process. You need to input a name for the object that will be created. If you are restoring 'With object' but don't select 'As new', the restoration target is the already existing user in Entra ID.
    • NOTE: The 'RESTORE AS NEW' OPTION IS NOT AVAILABLE WHEN YOU RESTORE MULTIPLE USERS AT A TIME. If you restore multiple users and a user already exists in Entra ID, it will be overwritten. If the user doesn't exist, a new user will be created with the same name that it was backed up with.
  • If you want to restore group memberships, select With memberships.
  • If you want to restore admin role assignments, select With role assignments.
  • If you want to restore the objects to another Entra ID tenant, select To another tenant.
    • First you need to add the target tenant where you want to restore the data to - check the instruction.
    • Now you can see the existing target tenant(s) in the 'To another tenant' drop-down menu - in case of having multiple target tenants added, select the one you want to restore the data to.
    • The available domain names for the selected target tenant can be seen under the 'With domain' menu and you can select the domain from there. E.g. if you are restoring users and select 'nexeticbackup.onmicrosoft.com' as the domain, the users are restored with the email ...@nexeticbackup.onmicrosoft.com. Screenshots can be found from the above mentioned support article.

entraid-users-restore-new.png

For example, if you want to restore missing group memberships and group assignments to the already existing user(s), tick the boxes 'With memberships' and 'With role assignments'. If you want to restore a single user with a new name without memberships or assignments, just select 'With object' and 'As new'.

Once you have selected the options, start the restoration by clicking Restore.

Step 8. Reset users' passwords

Microsoft does not allow backing up password and MFA related details. When a user is restored, the tenant admin will need to reset the user's password in Entra Admin center. The user will also need to set up MFA for his/her Microsoft account.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more