Chat now with support
Chat with Support

On Demand Recovery Current - Release Notes

Release Notes

Quest® On Demand Recovery

Release Notes

October 20, 2022

On Demand Recovery allows you to backup and restore Microsoft Azure Active Directory and Office® 365 objects with their properties. These objects can be selected in a backup and then restored to Azure Active Directory or Office 365 without affecting other objects or attributes. Using the granular restore, objects that were inadvertently deleted or modified can be recovered in a few minutes.

Key features of On Demand Recovery

  • Back up Azure Active Directory and Office 365 users, groups, contacts, service principals, conditional access policies, and device information

    On Demand Recovery automatically backs up your directory on a regular basis.
  • Granular, selective restore of Azure Active Directory and Office 365 users, groups, service principals, conditional access policies, devices, inactive mailboxes for permanently deleted users

    Users, groups, service principals, and devices can be selected in a backup and then restored to Azure Active Directory or Office 365 without affecting other objects or attributes.
  • Backup and restore Azure Active Directory B2C users and groups

    On Demand Recovery supports Azure Active Directory B2C tenants.

  • Restore users or Office 365 groups from the Recycle Bin

    Restore users and Office 365 groups that were inadvertently moved to the Recycle Bin.
  • Cloud solution: backup snapshots are stored in the cloud

    On Demand Recovery does not require to install or maintain any additional software.
  • Comparison reporting

    This feature lets you view differences between the selected backup and live Azure Active Directory or Office 365 and revert unwanted changes.
  • Integration with Recovery Manager for Active Directory
    On Demand Recovery can be integrated with Recovery Manager for Active Directory 9.0 or higher to restore on-premises objects that were synchronized with cloud by Azure AD Connect.

These release notes provide information about the On Demand Recovery release.

Topics:

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of this deployment.

General known issues

Known issue Issue ID (Jira) Issue ID (ADO)
If you restore two groups which are members of the third group which was deleted, the third group can be duplicated after the restore operation. This issue is applied only to non-Office Groups which support nesting. Workaround:To avoid this issue, the user needs either to restore groups one by one (order is not important) or restore all of them at once. RMAZ-18 ADO-226239
On Demand Recovery displays contacts in the backup statistics but does not support the restore of Contact objects. RMAZ-130 ADO-225195
Restore of changed user mail attributes such as mail, proxyAddress, targetAddress is not restored correctly if the object was hard deleted and not available in the Recycle Bin. RMAZ-136 ADO-352530
On Demand Recovery does not restore an Office 365 mailbox (either for user or for Office group) if it was permanently deleted. RMAZ-137 ADO-352531
On Demand Recovery does not restore Distribution List members and will display the error "Status: 400, Code: Request_BadRequest. Details: Unable to update the specified properties for objects that have originated within an external service." RMAZ-174 ADO-348192
If two users perform the unpack operation simultaneously with the selected "Clear objects" option in the same On Demand organization, one of the processed backups will not be unpacked (or will be partly unpacked). Workaround: Do not select the "Clear objects" option. Also, the restore operation may fail if the user is trying to unpack the backup that is currently processed by another user. RMAZ-270 ADO-225214
Old backups (backups that were created before you remove the tenant) are not shown in the On Demand Recovery user interface if the same tenant was removed and then added again. If you need to unpack, restore or delete old backups, please contact Quest Support. RMAZ-273 ADO-352537
Backup task does not check the Admin consent status, but if the Admin consent is not granted for the tenant, the following error occurs: "The identity of the calling application could not be established." RMAZ-315 ADO-352542
On Demand Recovery does not show the proxyAddresses attribute in the Differences view. RMAZ-338 ADO-352544
The restore operation from the Differences view may fail if you run Refresh before the restore operation is completed. RMAZ-352 ADO-352545
An incorrect (empty) object count may be displayed in the "details pane" of the Restore from Diff task. RMAZ-354 ADO-352546
If you enable Azure Multi-Factor Authentication (MFA), you should regrant Admin Consent for the On Demand Recovery module. Otherwise, you will get the following error during the restore operation: "Failed to refresh access token. StatusCode: 400. ErrorCode: interaction_required. Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access". RMAZ-405 ADO-352553
On Demand Recovery does not support backup and restore of Azure Active Directory tenants created in Azure Germany, or U.S. Government. RMAZ-566 ADO-352561
Restore of more than 10000 objects using one task may result in poor performance. RMAZ-576 ADO-352562
On Demand Recovery does not restore MFA authentication methods for a hard deleted user if the mobile application was assigned to this user. NOTE: If any of the following Voice Call/SMS/Office Phone was set up as an authentication method for a user, On Demand Recovery will restore all MFA data for this user. RMAZ-777 ADO-352568
On Demand Recovery does not support MFA enabled accounts for backup creation. To set the account password to never expire, use the following PowerShell command: Set-MsolUser -UserPrincipalName <name of the account> -PasswordNeverExpires $true For more details, refer this article https://support.office.com/en-us/article/set-an-individual-user-s-password-to-never-expire-f493e3af-e1d8-4668-9211-230c245a0466 RMAZ-779 ADO-352569
If you restore a permanently deleted user with the enabled Self-Service Password Reset option, Multi-Factor Authentication methods will be displayed as not verified after restore. RMAZ-798 ADO-352570
On Demand Recovery does not restore the conditional access policy "Baseline policy: Require MFA for admins". RMAZ-998 ADO-359281
A tenant verification failed message appears when user adds tenant to On Demand Recovery (Core only). N/A ADO-264595

Hybrid only known issues

Known issue Issue ID (Jira) Issue ID (ADO)
Granular restore of object membership from the Differences view is not supported. Workaround: Go to the Objects view, find the group that you want to restore and select the member attribute in the attribute list to restore links. RMAZ-252 ADO-225173
Some attributes of on-premises objects (e.g. "ipPhone, "pager", "info", "homePhone") are mapped by Azure AD connect but are not shown in the Differences view and cannot be applied to cloud-only users. On Demand Recovery restores these attributes for on-premises objects only. RMAZ-308 ADO-352539
Cannot download hybrid credentials with the Error 404 "Not found" may occur. This issue occurs if you try to get credentials right after the registration - it takes about one minute to create the Relay credentials. RMAZ-311 ADO-352541
If the same on-premises object is selected in different unpacked backups on the Objects view, On Demand Recovery will perform the hybrid restore of the object on the first selected backup date. RMAZ-355 ADO-352547
If multiple objects are selected for restore and there is Directory Synchronization Service Account among them, the restore operation will fail for all objects with the error "Failed on-premise restore. Error: Value cannot be null". RMAZ-358 ADO-352548
Hybrid restore (from Objects or Differences view) uses attribute values from the on-premises backup. So, these values may be different from the corresponding values shown in the Differences or Objects view. RMAZ-373 ADO-352551
Restore of the usageLocation cloud attribute does not work for the "Exchange Hybrid" scenario. RMAZ-457 ADO-352554
A restore of a hybrid cloud user that was permanently deleted may fail, if Azure AD Connect cannot synchronize the newly created user from the on-premises Active Directory to the cloud. Workaround: Force Azure AD Connect initial synchronization to fix this issue, then restart the restore operation. RMAZ-485 ADO-352559

If a user does not have the service account for the tenant, On Demand Recovery cannot restore permanently deleted service principals provisioned from Azure Gallery. Workarounds:

  1. Install the corresponding application from Azure Gallery once again to re-create the service principal object.
  2. Install SSL certificates for the application.
  3. Configure single sign-on (SSO) options for the service principal (if any).
  4. After that, On Demand Recovery will be able to apply properties from the backup.
RMAZ-690 ADO-352565
Cannot restore cloud attributes for a permanently deleted user in hybrid scenario after the user was recreated by Azure AD Connect. The following error will arise: "Another object with the same value for property userPrincipalName already exists " RMAZ-720 ADO-352566
On Demand Recovery cannot restore the onPremisesDistinguishedName property for permanently deleted users in hybrid scenario. In this case you will get the following error message: "Property 'onPremisesDistinguishedName' is read-only and cannot be set" error. RMAZ-721 ADO-352567
Hybrid restore may fail with the following error: "The ChannelDispatcher at 'sb://backupaad-rmaz-hybrid-us.servicebus.windows.net/org-f555beae-38fa-4d0a-b502-08c4b93b01da' with contract(s) 'HybridRestoreServiceContract' is unable to open its IChannelListener". Workaround: Restart the Recovery Manager Hybrid Connect service. RMAZ-907 ADO-352573

Import-Module ADSync command may not work correctly on the Azure AD Connect host. Workarounds:

  • Make sure that Import-Module is available globally on the Azure AD Connect host.

    -OR-
  • Сopy the AADSync.psm1 file manually from the Recovery Manager Portal machine to the PowerShell default folder on the Azure AD Connect host.
RMAZ-931 ADO-352574
On Demand Recovery does not support backups dated before October 2019. N/A ADO-394268

Quest Migration and Management Platform known issues

Known issue Issue ID
You may see a "white screen" instead of spinning preloader when starting On Demand Recovery. QMMP-74
The "Select all" option does not work properly in the "Select attributes" dialog that opens when you click Browse in the Restore Objects dialog. If you select the "Select all" check box, all attributes will be selected, but will not be restored. QMMP-130
Invalid sorting of data by 'Task Name' and 'Object Name' fields in the Events view. QMMP-142
Resizing issue: Shows gray overlay on small displays when the side bar was initially in the expanded state. QMMP-159
Scrolling hangs if there are more than 10000 objects in a list. Workaround: Use sorting or filtering option to narrow your search scope. QMMP-177, QMMP-182
The timelines on the Events and Backups show incorrect results if you select an interval in the timeline and then click any date range link on the left side of the screen. QMMP-184
If you work with Internet Explorer 11, dialogs launched from the Differences and Dashboard screens may show controls from the lower layer. Workaround: Resize the browser window. QMMP-201
Details panel on the Objects view shows tasks in a random order. QMMP-221
On the Dashboard view, if you click on any specific status in the objects widget, you will be redirected to the Objects view with this status as a filter. Then, if you go back to Dashboard and click on the widget title (total number of objects), you will be redirected to Objects with the previous status filter. QMMP-228

Release History

The following lists the new features and resolved issues by deployment.

Current Deployment

Release 1.5.93 (October 20, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restoration of multiple users (more than 3) with a mailbox fails. N/A ADO-391323
Unpacking can be started when no backups has been created. N/A ADO-371726

Previous Deployments

Release 1.5.92 (September 29, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Support of Exchange Online modern authentication for difference restore operation. N/A ADO-384591
Support mailbox restore for Exchange Online and modern authentication - basic authentication deprecated. N/A ADO-384601

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Validate connection hangs in Manage Tenant dialog. N/A ADO-367197

Release 1.5.91 (September 20, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Lost backup monitor runs for 20+ hours due to increased retry attempts. N/A ADO-385655
AU tenant not displaying under Manage Backups and backups fail. N/A ADO-385072

Release 1.5.90 (September 16, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
SharePoint Online requests require longer timeout. N/A ADO-385275

Release 1.5.89 (September 16, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup failed with ''NoneType' object is not subscriptable' error. N/A ADO-385203

Release 1.5.88 (September 15, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Update from Azure AD Graph API to Microsoft Graph API. N/A ADO-380999

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
WhiteSource vulnerability: lxml 4.6.5 - upgrade to version lxml 4.9.1. N/A ADO-372947
WhiteSource vulnerability: azure.storage.blob 12.10.0 - upgrade required. N/A ADO-376129
Invalid notification process for expired subscriptions and handling of data. N/A ADO-377289
If objects from different tenants were selected, the restore button should not be visible. Select only objects from a single tenant to restore. N/A ADO-379980
Task fails when roles are assigned to a service account via a group. N/A ADO-381764
Unable to read default policy for service principal and backup fails. N/A ADO-382912

Release 1.5.86 (July 12, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Enhancement to hybrid connection settings. N/A ADO-364499

Release 1.5.85 (June 30, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Unpacking fails for 8e205ff5-4a4a-e38d-0925-70aecc8b6ffc. N/A ADO-371256

Release 1.5.84 (June 07, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Lost backups monitor is not handling exceptions properly. N/A ADO-326952

Release 1.5.82 (May 17, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Added option to perform differences operation during unpack. N/A ADO-349822
Enhanced the existing restore process to only read backup files that contain relevant data. N/A ADO-329253

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Saving customer credentials may fail due to changes in Azure KeyVault behavior. N/A ADO-328010

Release 1.5.80 (March 31, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Added fix to unpack and restore group with contacts. N/A ADO-346179

Release 1.5.75 (January 27, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hybrid user restore from Recycle Bin will programmatically set user GivenName into different value. N/A ADO-319713

Release 1.5.72 (December 16, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Error during restore of AppRoles due to service principal object. Error was not displayed in the UI. N/A ADO-314295

Release 1.5.71 (November 30, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hybrid restore: Clearing up "ReadOnly" Hybrid Object attributes for soft deleted user. N/A ADO-316891
Backup failures related to changes in Graph API. N/A ADO-320114

Release 1.5.69 (November 04, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restore on-premises objects source and directory synced displayed incorrect information. N/A ADO-251281

Release 1.5.66 (September 28, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
An error displays that cannot update the default conditional access policy. N/A ADO-262144

Release 1.5.65 (July 20, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hard deleted group/user did not reflect in Differences tab. N/A ADO-265552
Differences tab hangs when the user clicks refresh. N/A ADO-265263/ADO-238672

Release 1.5.63 (June 23, 2021)

New features

Feature Issue ID (Jira) Issue ID (ADO)
When deleting a group, all links that were affected by this action are shown in the Differences report, e.g. Azure AD group membership, SharePoint groups membership, conditional access policies, group owners, and application assignments. N/A ADO-351389

Release 1.5.60 (June 01, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
The backup configuration dialog does not behave properly when incorrect credentials provided. N/A ADO-261437

Release 1.5.59 (May 18, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Issue with running backup when no tenant selected. N/A ADO-258581
Policies not always restored due to caching of objects. N/A ADO-258490

Release 1.5.57 (May 04, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
A notification was not sent after a missed backup due to timeout of services. N/A ADO-255103
Hard deleted user failed to add owner to Service Principal due to insufficient privileges. N/A ADO-248651
Configure backup dialog was unable to open for B2C clients. N/A ADO-255021

Release 1.5.56 (April 29, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restoration of a deleted user had failed. N/A ADO-254604
Multi-factor authentication status was incorrect when restoring multi-factor authentication settings. N/A ADO-234914
Service Principal restore did not reference a valid application object. N/A ADO-252945
Intermittent backup failures occurred for unknown reason. N/A ADO-257344

Release 1.5.55 (March 23, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
SharePoint user is not created during the restore operation. N/A ADO-251607
On Demand Recovery displays timeout error. N/A ADO-251978

Release 1.5.53 (March 16, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Fixed the discrepancy between data reported from the Backup tab and the Unpacked tab. N/A ADO-248218

Release 1.5.46 (January 25, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Failed backup event and email notification. N/A ADO-226221
Changes in appRoles are not shown in Differences. N/A ADO-226199
Differences report did not show conditional access policy change. N/A ADO-225252
Role assignment is not restored for single sign-on applications. RMAZ-691 ADO-225247

Release 1.5.45 (January 12, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Difference report: The deleted conditional access policy may fail to appear. N/A ADO-234723

Object search functionality did not work correctly when partial criteria was entered.

N/A ADO-234912
Linking hard deleted user to service principal owner or application owner gave insufficient permission error. N/A ADO-235423
Restoration of user failed due to invalid location. N/A ADO-225236

Release 1.5.39 (December 01, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Backup failing due to the deletion of a tenant

N/A ADO-228850

Release 1.5.35 (November 03, 2020)

New features

Feature Issue ID (Jira) Issue ID (ADO)

On the Unpacked Objects tab, there is now a Mail Enabled filter. This allows you to filter by users and groups who do or do not have a mailbox.

RMAZ-1626 ADO-216080

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Changes made to appRoles attributes were not displayed in the Differences report.

RMAZ-1084 ADO-348200

Release 1.5.34 (October 05, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Made adjustments to the Application Proxy backup and restore feature to compensate for the modification that Microsoft made to an API endpoint.

RMAZ-1623 ADO-348180

Release 1.5.33 (October 01, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Second restore of hard deleted user unable to complete due to more than one user being found when matching.

RMAZ-1606 ADO-348179

Release 1.5.32 (September 24, 2020)

New features

Feature Issue ID (Jira) Issue ID (ADO)

From this version, On Demand Recovery restores Azure AD Application Proxy applications.

RMAZ-1335 ADO-348241
Application Proxy settings can be restored from the Differences report. RMAZ-1435 ADO-348286

Release 1.5.31 (August 27, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
On Demand Recovery can restore/validate application role assignments that have invalid IDs. RMAZ-1436 ADO-348287

Release 1.5.29 (August 13, 2020)

New features

Feature Issue ID (Jira) Issue ID (ADO)
From this version, On Demand Recovery restores gallery applications using Beta API. RMAZ-1559 N/A

Release 1.5.26 (July 28, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
On Demand Recovery may display wrong timestamps for hybrid objects on the Events screen. RMAZ-1482 ADO-348305

Release 1.5.25 (July 23, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
The Hybrid restore operation does not randomly restore some hybrid attributes. RMAZ-1443 ADO-348172

Release 1.5.22 (June 30, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup creation can fail when getting a password from Azure Key Vault. RMAZ-1452 ADO-348174
Hybrid recovery from encrypted backups does not work. RMAZ-1448 ADO-348173

Release 1.5.21 (June 18, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hybrid recovery stability has been improved. RMAZ-1317 ADO-348157

Release 1.5.20 (June 16, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Improved stability of On Demand Recovery backups. RMAZ-1442 ADO-348171

Release 1.5.18 (June 09, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
The ssoSettings attribute of a service principal cannot be restored for the corresponding non-gallery Application. RMAZ-1432 ADO-348170

Release 1.5.17 (June 02, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup settings did not display correctly in the "Create backup" dialog due to a problem with the empty 'created' field. RMAZ-1428 ADO-348169

Incident response management

Quest Operations and Quest Support have procedures in place to monitor the health of the system and ensure any degradation of the service is promptly identified and resolved. On Demand modules rely on Azure and AWS infrastructure and as such is subject to the possible disruption of these services.

You can view the following status pages:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating