SBS 2008/2011: Recover Deleted User
Under Windows Small Business Server (SBS) 2008/2011, there are two ways to remove a user, and so the method to recover a user varies:
If a user is removed via SBS Console, the user account is tombstoned, and may be recovered (see below), but the mailbox is purged immediately, despite the default mailbox retention policies on the Exchange store. In this circumstance the best course of action is:
- Create a new user account via SBS Console;
- Restore the mail store into a recovery store, and extract the mailbox to a Personal Folders File (PST);
- Import the PST into the new user's mailbox via Outlook (or Exchange Management Shell).
Active Directory Users and Computers
If a user account is deleted via the Active Directory, the user is tombstoned and may be recovered, and then relinked to the mailbox (which is not removed):
Restoring The Active Directory Object
- Use Sysinternals' AdRestore (direct link).
(See also Sysinternals' Active Directory Explorer.)
- Reset the various settings, usernames, password, locked status and group memberships on the account.
Relinking The Orphaned Mailbox to the User Object
- Open Exchange Management Shell and run:
Clean-MailboxDatabase "Mailbox Database"
(This operation is quite quick and has no output.)
If the mailbox database is not called Mailbox Database (for example Exchange databases in SBS 2011 migrated from earlier versions have a different name), enter:
Get-MailboxDatabase | Clean-MailboxDatabase
- Open Exchange Management Console and under Recipient Configuration, choose Disconnected Mailbox.
- Click Connect to Server. The mailbox previously associated with the deleted user account should appear.
- Right-click the mailbox and choose Reconnect. Run the wizard.
Fix Account So It Appears In SBS Console
- Open Windows SBS Console, open Users and Groups. Click Change user role for user accounts.
- Click Standard User (or Network Administrator if required).
- Choose Replace User Permissions or Settings and click Next.
- Choose Display all user accounts in the Active Directory.
- Click on the recovered user account and click Add.
- Click Change user role.
The dialog will display some warnings because the user's folders are already present. These may be ignored.
- Click Finish.