Description
Summary
Restore-EntraDeletedDirectoryObject is missing the newUserPrincipalName parameter.
Description
The Request body for the respective restore Graph call supports two very important optional parameters:
- autoReconcileProxyConflict (Boolean): Indicates whether Microsoft Entra ID should remove any conflicting proxy addresses while restoring a soft-deleted user whose one or more proxy addresses are currently used for an active user. Used only for restoring soft-deleted user objects. The default value for this parameter is false.
- newUserPrincipalName (String): The new userPrincipalName to add to the restored user.
The Restore-EntraDeletedDirectoryObject does have the -AutoReconcileProxyConflict parameter, but doesn't have a -NewUserPrincipalName.
Without the newUserPrincipalName parameter it might be impossible to restore a user from Entra Recycle Bin, and if the user is not restored within 30 days, it gets automatically purged, which means that there's a potential risk for data loss!
Trying to restore a user with a UPN conflict throws the following error:
Conflicts detected while trying to restore the user restoreUserErrors: ErrorValue:<pii>user1</pii>@Contoso.com ObjectType:User ConflictingObjectId:c391####-####-####-####-####8e33####, ErrorType:SignInName, ErrorId:ConflictsErrorValue:<pii><pii>user1</pii>@Contoso.com</pii> ObjectType:User ConflictingObjectId:c391####-####-####-####-####8e33####, ErrorType:UserPrincipalName, ErrorId:Conflicts
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
In this situation, although not obvious from the vague error message, the only way to restore the object is to use the newUserPrincipalName parameter.
Describe the feature
Include the optional parameter for newUserPrincipalName, e.g.:
Restore-EntraDeletedDirectoryObject -Id $userId -NewUserPrincipalName '[email protected]'
How will this feature enhance your project and further the project’s overall goals? Who will benefit from this feature (i.e. all users; the project team)?
This is a Support volume generator as we had a Customer calling support that was blocked from restoring an important user and panicking with possible data loss.
Having this NewUserPrincipalName as a cmdlet parameter will make it much easier for IT Pros to use as they can take advantage of the built-in PowerShell parameter auto-completion to discover this option and self-serve the restore operation, hassle free.
Describe alternatives you've considered
You can use the equivalent Graph PowerShell cmdlet Restore-MgDirectoryDeletedItem, but you'll have to craft a hash-table for the Body Parameter, which is not user friendly and is hard to discover, i.e. the user will have to find this parameter in the Graph documentation.
Additional context
Module / PowerShell / OS versions
Get-Module Microsoft.Entra -ListAvailable
Directory: D:\Users\user\Documents\PowerShell\Modules
ModuleType Version PreRelease Name PSEdition ExportedCommands
---------- ------- ---------- ---- --------- ----------------
Script 1.0.8 Microsoft.Entra Core,Desk {Enable-EntraAzureADAlias, Test-EntraScript}
$Psversiontable
Name Value
---- -----
PSVersion 7.5.1
PSEdition Core
GitCommitId 7.5.1
OS Microsoft Windows 10.0.26100
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Please don't hesitate to reach out if you have any questions.
Thank you!
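The Graph PowerShell workaround mentioned under "alternatives", written out as an added example (not code from the issue author or the Entra PowerShell project). The helper name `Restore-DeletedUserWithNewUpn`, the placeholder object id, the sample UPN and the `User.ReadWrite.All` scope are assumptions made for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Identity.DirectoryManagement

# Hypothetical helper: wraps Restore-MgDirectoryDeletedItem so the two optional
# request-body parameters of the restore call become ordinary cmdlet parameters.
function Restore-DeletedUserWithNewUpn {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [guid]   $DeletedUserId,
        [Parameter(Mandatory)] [string] $NewUserPrincipalName,
        [switch] $AutoReconcileProxyConflict
    )

    # Fail early if the replacement UPN is already held by an active user;
    # otherwise the restore would hit the same 400 conflict error again.
    $escaped = $NewUserPrincipalName.Replace("'", "''")   # OData string escaping
    $clash = Get-MgUser -Filter "userPrincipalName eq '$escaped'" -Property Id
    if ($clash) {
        throw "UPN '$NewUserPrincipalName' is already used by object $($clash.Id)."
    }

    # The hash-table the issue refers to: keys are the Graph body property names.
    $body = @{
        newUserPrincipalName       = $NewUserPrincipalName
        autoReconcileProxyConflict = [bool]$AutoReconcileProxyConflict
    }

    if ($PSCmdlet.ShouldProcess("$DeletedUserId", "Restore as $NewUserPrincipalName")) {
        Restore-MgDirectoryDeletedItem -DirectoryObjectId "$DeletedUserId" -BodyParameter $body
    }
}

# Assumed scope; use whatever restore-capable permission is consented in your tenant.
Connect-MgGraph -Scopes 'User.ReadWrite.All'

# Placeholder id and constructed UPN; -WhatIf previews without restoring.
Restore-DeletedUserWithNewUpn `
    -DeletedUserId '00000000-0000-0000-0000-000000000000' `
    -NewUserPrincipalName 'user1.restored@contoso.example' `
    -WhatIf
```

Drop `-WhatIf` to perform the restore; the pre-check only covers a UPN clash with an active user, so proxy-address conflicts still need `-AutoReconcileProxyConflict`.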