Editja

Ixxerja permezz ta’

Bulk restore deleted users in Microsoft Entra ID

  • Artiklu

Microsoft Entra ID, part of Microsoft Entra, supports bulk user restore operations and supports downloading lists of users, groups, and group members.

Understand the CSV template

Download and fill in the CSV template to help you successfully restore Microsoft Entra users in bulk. The CSV template you download might look like this example:

Screenshot of spreadsheet for uploading and call-outs explaining the purpose and values for each row and column.

CSV template structure

The rows in a downloaded CSV template are as follows:

  • Version number: The first row containing the version number must be included in the upload CSV.
  • Column headings: The format of the column headings is <Item name> [PropertyName] <Required or blank>. For example, Object ID [objectId] Required. Some older versions of the template might have slight variations.
  • Examples row: We have included in the template a row of examples of acceptable values for each column. You must remove the examples row and replace it with your own entries.

Additional guidance

  • The first two rows of the upload template must not be removed or modified, or the upload can't be processed.
  • The required columns are listed first.
  • We don't recommend adding new columns to the template. Any additional columns you add are ignored and not processed.
  • We recommend that you download the latest version of the CSV template as often as possible.

To bulk restore users

Tip

Steps in this article might vary slightly based on the portal you start from.

  1. Sign in to the Microsoft Entra admin center as at least a User Administrator.

  2. Select Microsoft Entra ID.

  3. Select All users > Users > Deleted.

  4. On the Deleted users page, select Bulk restore to upload a valid CSV file of properties of the users to restore.

    Screenshot of selecting the bulk restore command on the Deleted users page.

  5. Open the CSV template and add a line for each user you want to restore. The only required value is ObjectID. Then save the file.

    Screenshot of selecting a local CSV file in which you list the users you want to add

  6. On the Bulk restore page, under Upload your csv file, browse to the file. When you select the file and click Submit, validation of the CSV file starts.

  7. When the file contents are validated, you’ll see File uploaded successfully. If there are errors, you must fix them before you can submit the job.

  8. When your file passes validation, select Submit to start the bulk operation that restores the users.

  9. When the restore operation completes, you'll see a notification that the bulk operation succeeded.

If you experience errors, you can download and view the results file on the Bulk operation results page. The file contains the reason for each error. The file submission must match the provided template and include the exact column names. For more information about bulk operations limitations, see Bulk restore service limits.

Check status

You can see the status of all of your pending bulk requests in the Bulk operation results page.

Screenshot of checking the status in the Bulk Operations Results page..

Next, you can check to see that the users you restored exist in the Microsoft Entra organization via either Microsoft Entra ID or PowerShell.

View restored users in the Azure portal

  1. Sign in to the Microsoft Entra admin center as at least a User Administrator.
  2. Select Microsoft Entra ID.
  3. Select All users Under Manage, select Users.
  4. Under Show, select All users and verify that the users you restored are listed.

View users with PowerShell

Run the following command:

Get-MgUser -Filter "UserType eq 'Member'"

You should see that the users that you restored are listed.

Note

Azure AD and MSOnline PowerShell modules are deprecated as of March 30, 2024. To learn more, read the deprecation update. After this date, support for these modules are limited to migration assistance to Microsoft Graph PowerShell SDK and security fixes. The deprecated modules will continue to function through March, 30 2025.

We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). For common migration questions, refer to the Migration FAQ. Note: Versions 1.0.x of MSOnline may experience disruption after June 30, 2024.

Bulk restore service limits

You should be aware that each bulk operations activity can run for up to one hour.

Bulk operations in the Microsoft Entra admin portal could time out and fail on very large tenants. This limitation is a known issue due to scaling limitations. The Microsoft engineering team is working on a new service that will eventually address this limitation.

Note

When performing bulk operations, such as import or create, you may encounter a problem if the bulk operation does not complete within the hour. To work around this issue, we recommend splitting the number of records processed per batch. For example, before starting an export you could limit the result set by filtering on a group type or user name to reduce the size of the results. By refining your filters, essentially you are limiting the data returned by the bulk operation.

Another workaround for this issue is to use PowerShell to make direct Microsoft Graph API calls. For bulk download users and groups failure, we recommend using the PowerShell cmdlets GET-MgGroup -All and GET-MgUser -All.

The following PowerShell code examples are for bulk operations related to:

Users

Bulk download all users

# Import the Microsoft Graph module 
Import-Module Microsoft.Graph 

# Authenticate to Microsoft Graph (you may need to provide your credentials) 
Connect-MgGraph -Scopes "User.Read.All" 

# Get all users using Get-MgUser 
$users = Get-MgUser -All -ConsistencyLevel eventual -Property Id, DisplayName, UserPrincipalName,UserType,OnPremisesSyncEnabled,CompanyName,CreationType 

# Specify the output CSV file path 
$outputCsvPath = "C:\\Users\\YourUsername\\Documents\\Users.csv"  

# Create a custom object to store user data 
$userData = @() 

# Loop through each user and collect relevant data 
foreach ($user in $users) { 
    $userObject = [PSCustomObject]@{ 
        Id = $user.Id 
        DisplayName = $user.DisplayName 
        UserPrincipalName = $user.UserPrincipalName 
        UserType = $user.UserType 
        OnPremisesSyncEnabled = $user.OnPremisesSyncEnabled 
        CompanyName = $user.CompanyName 
        CreationType = $user.CreationType 
    } 
    $userData += $userObject 
} 

# Export user data to a CSV file 
$userData | Export-Csv -Path $outputCsvPath -NoTypeInformation 

# Disconnect from Microsoft Graph 
Disconnect-MgGraph 

Write-Host "User data exported to $outputCsvPath"

Bulk create users

# Import the Microsoft Graph module 
Import-Module Microsoft.Graph 

# Authenticate to Microsoft Graph (you may need to provide your credentials) 
Connect-MgGraph -Scopes "User.ReadWrite.All" 

# Specify the path to the CSV file containing user data 
$csvFilePath = "C:\\Path\\To\\Your\\Users.csv" 

# Read the CSV file (adjust the column names as needed) 
$usersData = Import-Csv -Path $csvFilePath 

# Loop through each row in the CSV and create users \
foreach ($userRow in $usersData) { 
    $userParams = @{ 
        DisplayName = $userRow.'Name [displayName] Required' 
        UserPrincipalName = $userRow.'User name [userPrincipalName] Required' 
        PasswordProfile = @{ 
            Password = $userRow.'Initial password [passwordProfile] Required' 
        } 
        AccountEnabled = $true 
        MailNickName = $userRow.mailNickName 
    } 
    try { 
        New-MgUser @userParams 
        Write-Host "User $($userRow.UserPrincipalName) created successfully." 
    } catch { 
        Write-Host "Error creating user $($userRow.UserPrincipalName): $($_.Exception.Message)" 
    } 
} 

# Disconnect from Microsoft Graph 
Disconnect-MgGraph 

Write-Host "Bulk user creation completed."

Note

Make sure your CSV file contains the necessary columns (for example; DisplayName, UserPrincipalName, and so on). Also, adjust the script to match the actual column names in your CSV file.

Bulk delete users

# Import the Microsoft Graph module 
Import-Module Microsoft.Graph 

# Authenticate to Microsoft Graph (you may need to provide your credentials) 
Connect-MgGraph -Scopes "User.ReadWrite.All" 

# Specify the path to the CSV file containing user data 
$csvFilePath = "C:\\Path\\To\\Your\\Users.csv" 

# Read the CSV file (adjust the column names as needed) 
$usersData = Import-Csv -Path $csvFilePath 

# Loop through each row in the CSV and delete users 
foreach ($userRow in $usersData) { 
    try { 
        Remove-MgUser -UserId $userRow.UserPrincipalName -Confirm:$false 
        Write-Host "User $($userRow.UserPrincipalName) deleted successfully." 
    } catch { 
        Write-Host "Error deleting user $($userRow.UserPrincipalName): $($_.Exception.Message)" 
    } 
} 

# Disconnect from Microsoft Graph 
Disconnect-MgGraph 

Write-Host "Bulk user deletion completed."

Note

Make sure your CSV file contains the necessary columns (for example, UserPrincipalName). Also, adjust the script to match the actual column names in your CSV file.

Groups

Bulk download all groups

Import-Module Microsoft.Graph.Groups 

 # Authenticate to Microsoft Graph (you may need to provide your credentials) 
 Connect-MgGraph -Scopes "Group.Read.All" 

 # Get the group members 
 $groups = Get-MgGroup -All | Select displayName, Id, groupTypes,mail 

 # Create a custom object to store group data 
$groupData = @() 

# Loop through each group and collect relevant data 
foreach ($group in $groups) { 
    if ($group.groupTypes -contains "Unified"){$groupType = "Microsoft 365"} 
    else {$groupType = "Security"} 
    if ($group.groupTypes -contains "DynamicMembership"){$membershipType = "Dynamic"} 
    else {$membershipType = "Assigned"} 
    $groupObject = [PSCustomObject]@{ 
        Id = $group.Id 
        DisplayName = $group.displayName 
        Mail = $group.mail 
        GroupType = $groupType 
        MemebershipType = $membershipType 
    }   
    $groupData += $groupObject 
} 

 # Specify the output CSV file path 
 $outputCsvPath = "C:\\Users\\cewu\\Documents\\Groups.csv" 

 $groupData| Export-Csv -Path $outputCsvPath -NoTypeInformation 
 
 Write-Host "Group members exported to $outputCsvPath"

Bulk download members of a group

Import-Module Microsoft.Graph.Groups 

 # Authenticate to Microsoft Graph (you may need to provide your credentials) 
 Connect-MgGraph -Scopes "Group.Read.All,GroupMember.Read.All" 

 # Set the group ID of the group whose members you want to download 
 $groupId = "your_group_id" 

 # Get the group members 
 $members = Get-MgGroupMember -GroupId $groupId -All | select * -ExpandProperty additionalProperties | Select-Object @( 
                'id'     
                @{  Name       = 'userPrincipalName' 
                    Expression = { $_.AdditionalProperties["userPrincipalName"] } 
                } 
                @{  Name = 'displayName' 
                Expression = { $_.AdditionalProperties["displayName"] } 
                } 
            ) 

 # Specify the output CSV file path 
 $outputCsvPath = "C:\\Users\\YourUserName\\Documents\\GroupMembers.csv" 

 $members| Export-Csv -Path $outputCsvPath -NoTypeInformation 

# Disconnect from Microsoft Graph 
Disconnect-MgGraph 

 Write-Host "Group members exported to $outputCsvPath"

Add members in bulk

Import-Module Microsoft.Graph.Groups 

 # Authenticate to Microsoft Graph (you may need to provide your credentials) 
 Connect-MgGraph -Scopes "GroupMember.ReadWrite.All" 

# Import the CSV file 
$members = Import-Csv -Path "C:\path\to\your\file.csv" 

# Define the Group ID 
$groupId = "your-group-id" 

# Iterate over each member and add them to the group 
foreach ($member in $members) { 
    try{ 
        New-MgGroupMember -GroupId $groupId -DirectoryObjectId $member.memberObjectId 
  	 Write-Host "Added $($member.memberObjectId) to the group."  
    } 
    Catch{ 
        Write-Host "Error adding member $($member.memberObjectId):$($_.Exception.Message)" 
    } 
} 

# Disconnect from Microsoft Graph 
Disconnect-MgGraph

Remove members in bulk

Import-Module Microsoft.Graph.Groups 

 # Authenticate to Microsoft Graph (you may need to provide your credentials) 
 Connect-MgGraph -Scopes "GroupMember.ReadWrite.All" 

# Import the CSV file 
$members = Import-Csv -Path "C:\path\to\your\file.csv" 

# Define the Group ID 
$groupId = "your-group-id" 

# Iterate over each member and add them to the group 
foreach ($member in $members) { 
    try{ 
        Remove-MgGroupMemberByRef -GroupId $groupId -DirectoryObjectId $member.memberObjectId \
        Write-Host "Removed $($member.memberObjectId) from the group." 
    } 
    Catch{ 
        Write-Host "Error removing member $($member.memberObjectId):$($_.Exception.Message)" 
    } 
} 

# Disconnect from Microsoft Graph 
Disconnect-MgGraph

Devices

Bulk download all devices

Import-Module Microsoft.Graph 

 # Authenticate to Microsoft Graph (you may need to provide your credentials) 
 Connect-MgGraph -Scopes "Device.Read.All" 

 # Get all devices  
 $devices = Get-MgDevice -All |select displayName,deviceId,operatingSystem,operatingSystemVersion,isManaged,isCompliant,mdmAppId,registeredOwners,TrustType 

 # Specify the output CSV file path 
 $outputCsvPath = "C:\\Users\\YourUserName\\Documents\\Devices.csv" 

 $devices| Export-Csv -Path $outputCsvPath -NoTypeInformation 

 Write-Host "Devices exported to $outputCsvPath"

Next steps