Now that we understand that our identities and user objects are mastered in our on-premises AD structure rather than in the cloud, let's take a look at what happens when we delete a user and try and restore them again.

So, here on server with the AD Connect installed, we've got a list of users in AD here, about a hundred of them in total, and we have a user called Abel at the top there that we're going to use for this demo. And if we go over to the Azure console, we'll notice that we should have all of those in Azure Active Directory here. If we go to users we have all of those users listed out because they've been nicely synced up to our structure. And we have Abel at the top here on the list. 

So let's go to our on-premises AD and delete Abel. So there you go, she's gone. So what we need to do now is trigger a sync with AD Connect. So to do that we first go into our synchronization service manager here. And we can see that the synchronization is working successfully and go to a PowerShell prompt using a commandlet Start-ADSyncSyncCycle with the parameter Delta or policy type Delta against it in order to trigger that synchronization cycle now. 

So if we run that and go back to our synchronization service manager, we should see that those synchronization cycles are starting. And after a couple of moments, they should complete and our changes will be synchronized up to the cloud. 

Right, now that they're all complete if we go back to the Azure console again in Azure Active Directory and look at our users, after a couple of moments if we go to that and refresh, we should see Abel disappear from our list here. There we go, Abel has disappeared and Alejandro here is at the top of the list. 

But if we go to deleted users, we'll notice that Abel is in that list. And we could tick on this and restore the user but as she's synchronized from our on-premise directory and that's where it's mastered, we don't want to do that because it will cause a problem. 

So if we go back to our on-premise AD, we see that she's definitely not in the list, and we need to try and go and restore her. So if we go to server manager on our machine here, go to tools and run the active directory administrative center, we'll notice under domain on the left-hand side, we've got a selection for deleted objects. So if we click on that, we'll notice that we've got Abel in the list there of our deleted objects. 

So to restore her, we simply need to right-click, go to restore and that's done. So just to prove a point, if we go back to AD Users and Computers, do a refresh, there we go. Abel's back in the list again. So what we need to do now is run another sync cycle and hopefully she will re-appear again in Azure Active Directory. Once that's complete, just to prove a point we'll go back to all users in Azure Active Directory and there we go, Abel is back in our list of users here. And if we go to deleted users we've got an empty list because we've got no deleted users.