Summary
This article describes some scenarios where a user needs to undo changes in managed systems with rollback action in Cayosoft Guardian.
Rolling back the changes of Distribution Lists and Memberships
When deleted, Exchange Online Distribution Lists are not moved to the Azure AD Recycle Bin and thus can't be recovered with the native tools. Cayosoft Guardian helps you recover a deleted Distribution List by re-creating the group object, converting it to the Distribution List using Exchange Online, and then restoring the group's membership.
How to perform the rollback of the Microsoft Exchange Distribution List (DL)
- In Cayosoft Guardian navigate to History > Change History.
- Enter the Distribution List name in the Quick Search bar.
- Find the Delete object event for this group and select it.
- Click Rollback.
- Wait for the Job completed successfully notification to appear in the Notifications area:
- When the restore job is completed, you see new change records added in the Change History: Undelete object and Add Azure AD group member(s).
- Open Office 365 Admin Center and observe the DL was restored with its membership:
Bulk rollback of changes to Azure AD/Office 365 users
When synchronizing user properties from an HR system or other source, there might be a situation when data become corrupted in the source system. In this case, incorrect changes need to be rolled back to their previous state. In native tools to revert these changes, you should find these users, identify the proper previous value, and then perform the change on each user individually.
How to roll multiple changes simultaneously back
- In Cayosoft Guardian, navigate to History > Change History.
- Search by modified property Mobile Number.
- Select these changes for multiple cloud-only user accounts by clicking the small circle to the left of each entry.
- Click Rollback.
- For each modified object, wait for the Job completed successfully notification to appear in the Notifications area:
- When the restore is completed, you will see new change records added to the list:
- Open Office 365 Admin Center and check that user phone numbers were restored to initial values.
Roll AD privileged group membership back
IT Administrators want to be notified in their Microsoft Team when privileged group membership is changed.
How to configure
Configure notifications about privileged group membership changes in Microsoft Teams. For details, please see Configuring notification channels article.
How to Roll back:
- When privileged group membership is changed, you will get a notification in Teams.
- Click the Click for details link.
- Sign-in to Guardian - you will be redirected to the privileged group membership change.
- Click Rollback.
- As a result of restore, the user, which was recently added to the privileged group, will be removed.
- Open ADUC and check that the user was removed from the group.
In any case, even if you don't have Teams connector configured, after adding a user to a privileged group you will get the alert in Guardian that a new member was added to the Domain Admins group. Also, such a change record will be marked with a red marker in the Change History list.
Roll membership in the hybrid group back
When you need to restore a hybrid group or group membership using native tools the administrator will need to follow several steps. First, user accounts should be added to the Active Directory group. Second, wait for Azure AD Sync runs or run it manually. Third, verify that the correct user accounts in the Azure AD/Office 365 were added to the synchronized group.
Cayosoft Guardian allows a single-click recovery across systems for complex hybrid scenarios like the recovery of a hybrid group membership. During the restoring of group membership, Guardian determines if it is a hybrid restore and performs restore in Active Directory at first and runs sync for Azure AD. Thus, you can perform a restore from a change record for any system: Active Directory and Office 365.
How to roll a hybrid group membership back
- In Guardian navigate to History > Change History
- In the Quick Search bar enter the user name that was removed from the group
- There will be two Remove from group events for this user account for Active Directory and Office 365.
- Select any of them and click Rollback
- Wait for the Job completed successfully alert to appear in the Notifications area
-
When the restore is completed, you will see new Add to group change records for both systems: Active Directory and Office 365.
- When restoring group membership, Guardian analyzes what kind of group it is. If it is a hybrid group, Guardian at first restores Active Directory group membership and then run Azure AD Sync to synchronize group membership in Office 365.
- Group membership is restored in a hybrid group.
Roll teams guest settings changes back
Cayosoft Guardian helps you to know about the modified team's guest settings and restore them.
How to configure
Guardian allows alerts configuration about Teams guest settings changes.
- In Guardian navigate to Alerting > Alerting Rules
- Select Teams guest settings changes rule
- Click Properties
- Uncheck Disabled
- Click Save
How to restore Teams settings
- When team guest permissions settings are changed you will see the alert in Guardian:
- In Guardian navigate to History > Change History
- In the Quick Search bar enter the team name whose settings have been changed.
- To exclude Office 365 group changes from the grid, apply filter Teams changes:
- Find Update properties event for this team. It will be marked with red.
- Click Restore
- Wait for the Job completed successfully notification to appear in the Notifications area:
- When the restore is completed, you will see new change record added to the list:
- In Microsoft Teams open team settings and check that the guest settings were restored.
Comments
0 comments
Please sign in to leave a comment.