Restoring Synchronized Users (Hybrid Identity)

Veeam Backup for Microsoft Entra ID allows you to restore users synchronized with Microsoft Active Directory (hybrid identities). Unlike the synchronization software (for example, Microsoft Entra Connect), restore with Veeam Backup for Microsoft Entra ID preserves relations stored in the Entra ID: group memberships, assigned roles, used licenses and other relations.

Veeam Backup for Microsoft Entra ID restores properties and relations listed in Supported Entra ID Item Properties. To restore other properties, you still need synchronization software and, in some cases, local Active Directory restore. This section describes possible scenarios and steps for restore.

User Removed from Entra ID Without Synchronization After

If a synchronized user was removed only from Entra ID, and there was no synchronization process after the removal, do the following:

1. Use Veeam Backup for Microsoft Entra ID to restore an entire user to Entra ID. In the wizard, make sure that restore of relations is enabled.

Veeam Backup for Microsoft Entra ID will restore a user with a new object ID.

2. Wait or launch synchronization with Active Directory, for example, using Microsoft Entra Connect.

After the synchronization, the relations restored using Veeam Backup for Microsoft Entra ID will be preserved, the properties will be overwritten, and lacking properties will be restored. The user will become the hybrid identity.

User Removed from Entra ID with Synchronization After

If a synchronized user was removed only from Entra ID, but the synchronization process has already restored this user, Veeam Backup for Microsoft Entra ID will not be able to map this user and restore the relationships. In this case, do the following:

1. Remove from Entra ID the user created after the synchronization.
2. Use Veeam Backup for Microsoft Entra ID to restore an entire user to Entra ID. In the wizard, make sure that restore of relations is enabled.

Veeam Backup for Microsoft Entra ID will restore a user with a new object ID.

3. Wait or launch synchronization with Active Directory, for example, using Microsoft Entra Connect.

After the synchronization, the relations restored using Veeam Backup for Microsoft Entra ID will be preserved, the properties will be overwritten, and lacking properties will be restored. The user will become the hybrid identity.

User removed from Entra ID and Active Directory

If a synchronized user was removed from Entra ID and Active Directory, do the following:

1. Use Veeam Backup for Microsoft Entra ID to restore an entire user to Entra ID. In the wizard, make sure that restore of relations is enabled.

Veeam Backup for Microsoft Entra ID will restore a user with a new object ID.

2. Use application item restore or Veeam Explorer for Microsoft Active Directory to restore the user locally in Active Directory.
3. Wait or launch synchronization with Active Directory, for example, using Microsoft Entra Connect.

After the synchronization, the relations restored using Veeam Backup for Microsoft Entra ID will be preserved, the properties will be overwritten, and lacking properties will be restored. The user will become the hybrid identity.