Mission Objective
Rescue a deleted user’s OneDrive data before the 30-day purge clock runs out. Use Microsoft 365 admin controls and Graph API to reclaim files and hand them off. No data lost, mission critical.
Gear Check
Microsoft 365 Tenant: Admin access to Azure AD and OneDrive.
Permissions: Global Admin or User Admin role, Graph API User.ReadWrite.All.
PowerShell: Microsoft.Graph module (Install-Module Microsoft.Graph -Scope CurrentUser).
Intel: Deleted user’s UPN or Object ID—check Azure AD recycle bin.
Tools: M365 Admin Center, PowerShell ISE or VS Code.
The Play
Recover the user and snag their OneDrive URL with this strike:
# Install Graph Module
Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force
# Connect to Graph
Connect-MgGraph -Scopes "User.ReadWrite.All" -NoWelcome
# Restore Deleted User
$deletedUserId = "deleted-user-object-id" # Swap from Azure AD
Restore-MgUser -UserId $deletedUserId
# Get OneDrive URL
$user = Get-MgUser -UserId $deletedUserId -Property "DisplayName,UserPrincipalName,MySite"
$oneDriveUrl = $user.MySite
Write-Output "OneDrive URL: $oneDriveUrl"
Execution
Step 1—Scope the Target: In M365 Admin Center (admin.microsoft.com), hit “Users” > “Deleted Users.” Spot your mark—deleted within 30 days, shows UPN (e.g., jdoe@yourdomain.com) and deletion date. Copy the Object ID (hover or check details)—that’s your ticket.
Step 2—Prep the Arsenal: Fire up PowerShell as admin. Run Install-Module Microsoft.Graph -Scope CurrentUser -Force if it’s not loaded—grabs the Graph toolkit.
Step 3—Link to Command: Execute Connect-MgGraph -Scopes "User.ReadWrite.All" -NoWelcome. Sign in with Global Admin creds—prompt pops, no banner clutter.
Step 4—Execute Restore:
- Plug the Object ID into $deletedUserId (e.g., 123e4567-e89b-12d3-a456-426614174000).
- Run Restore-MgUser -UserId $deletedUserId. User jumps back to “Active Users”—takes a minute, watch the portal.
Step 5—Locate OneDrive:
- Run Get-MgUser -UserId $deletedUserId -Property "DisplayName,UserPrincipalName,MySite".
- $user.MySite spits out the OneDrive URL (e.g., https://yourdomain-my.sharepoint.com/personal/jdoe_yourdomain_com). Save it.
Step 6—Secure the Goods:
- In OneDrive Admin Center (admin.onedrive.com), go “Deleted Users.” Find the restored user—click “Restore Files” if needed (manual backup option).
- Or hit the URL from Step 5 in a browser (admin creds)—copy files to a new owner’s OneDrive or SharePoint.
- Verify: Check “Active Users”—user’s back, OneDrive’s live. Files match pre-deletion state. Hand off or archive as ordered.
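A pre-check for Step 1, as an added example that is not part of the original post: it ranks deleted users by how much of the 30-day window is left, so the restore is confirmed possible before it is attempted. The function name Get-PurgeDeadline and the sample records are constructed for illustration; the commented live query reads only the first page of results.

```powershell
# Added example (not the page's own code). Get-PurgeDeadline is a hypothetical helper.
function Get-PurgeDeadline {
    param(
        [Parameter(Mandatory)] [object[]] $DeletedUsers,  # items from directory/deletedItems
        [datetime] $Now = [datetime]::UtcNow,
        [int] $RetentionDays = 30                         # window stated on this page
    )
    foreach ($u in $DeletedUsers) {
        # deletedDateTime arrives as an ISO 8601 string or an already-parsed DateTime
        $raw = $u.deletedDateTime
        $deleted = if ($raw -is [datetime]) { $raw.ToUniversalTime() }
                   else { [datetimeoffset]::Parse([string]$raw, [cultureinfo]::InvariantCulture).UtcDateTime }
        $deadline = $deleted.AddDays($RetentionDays)
        [pscustomobject]@{
            Id         = $u.id
            UPN        = $u.userPrincipalName
            DeletedUtc = $deleted
            PurgeUtc   = $deadline
            DaysLeft   = [math]::Floor(($deadline - $Now).TotalDays)
            Restorable = $deadline -gt $Now
        }
    }
}

# Constructed sample records, shaped like the Graph response items
$sample = @(
    @{ id = '00000000-0000-0000-0000-000000000001'; userPrincipalName = 'jdoe@yourdomain.com';   deletedDateTime = '2024-05-01T09:00:00Z' }
    @{ id = '00000000-0000-0000-0000-000000000002'; userPrincipalName = 'asmith@yourdomain.com'; deletedDateTime = '2024-05-20T14:30:00Z' }
    @{ id = '00000000-0000-0000-0000-000000000003'; userPrincipalName = 'old@yourdomain.com';    deletedDateTime = '2024-04-10T08:00:00Z' }
)
$now = [datetime]::new(2024, 5, 28, 9, 0, 0, [DateTimeKind]::Utc)  # fixed clock for the sample

$report = Get-PurgeDeadline -DeletedUsers $sample -Now $now | Sort-Object DaysLeft
$report | Format-Table UPN, DeletedUtc, PurgeUtc, DaysLeft, Restorable

# Refuse to continue when the target is already past the window
$deletedUserId = '00000000-0000-0000-0000-000000000001'
$target = $report | Where-Object Id -eq $deletedUserId
if (-not $target -or -not $target.Restorable) {
    throw "User $deletedUserId is not in the recycle bin or is past the $(30)-day window."
}

# Live data instead of $sample (after Connect-MgGraph):
# $uri  = 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user?$select=id,userPrincipalName,deletedDateTime'
# $resp = Invoke-MgGraphRequest -Method GET -Uri $uri
# Get-PurgeDeadline -DeletedUsers $resp.value | Sort-Object DaysLeft
```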
Mission Value
Deleted user’s OneDrive lives again—30-day window exploited, data secured. Graph cuts the manual slog, restores fast, and pinpoints the stash. No loss, full control.
Field Notes
- Past 30 days? Game over—data’s smoked, no recovery.
- Graph 403? Scope User.ReadWrite.All or creds need juice—Global Admin’s a must.
- OneDrive URL blank? Wait 5-10 mins post-restore, sync lags.
- Manual grab too slow? Script a Copy-MgDriveItem for bulk transfer.

Intel—I’m on watch.