[Vent] Restoring deleted google users past 20 days not possible... but GAM showing the data is there

alexgrutza
Contributor III

Can I just say how frustrating it is that when a user is deleted in Google, that even after the 20 days to be able to restore them, GAM still sees their data but can't do much with restoring it?

Vault and the "recently deleted users" area both state the account doesn't exist (clearly) so we can't restore them.

But their files are still there as GAM can see them and get info on them, it just can't always restore them

I have had luck restoring one time an entire My Drive where Vault stated they were deleted.

It's just frustrating that the data is still there but can't be restored.

--
CISSP | LinkedIn | @Phyxiis

alexgrutza
Contributor III

Point being that a user was deleted 2/28, and today others put in tickets saying they lost access to some shared files (why wouldn't they host them in a shared drive? good question). They were able to give me the URL so I grabbed the FileID and attempted to transfer ownership via GAMADV, but nothing was able to restore the file this time.

Previously, similar situation, and with the URL I was able to restore the file or transfer the My Drive to another account - the details are fuzzy, but I do know Vault/Admin dashboard had no record of the account to be able to restore. 

So it's frustrating that the data is there in both situations, and was only able to restore one scenario

--
CISSP | LinkedIn | @Phyxiis

I am working on revamping my offboarding process to help with this exact situation.

1. Set up trust rules to tag all documents for users in an OU #1 with a scary tag/label: "Documents Slated for deletion: Contact IT"
2. Offboard users go into OU #1 and are disabled. This scares people and tags all documents. Leave them in here until your heart is content!
3. Set up trust rules for OU #2 to unshare all documents for users placed here.
4. After X days, we place them in OU #2 and keep them for 7 years.

We are in the process of our initial implementation and have tagged all documents.  We are working to identify those documents within departments and move them to shared drives (where they likely should have been to begin with).
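
The staged move between the two OUs described in the post above, as an added example (not the poster's own tooling). The OU paths, the 30-day value for X and the sample accounts are assumptions; the trust rules themselves are configured separately and are not shown.

```python
from datetime import date, timedelta

# Assumptions, not from the thread: OU paths, the value of X, sample accounts.
STAGE1_OU = "/Offboarding/Stage1-Labeled"    # hypothetical OU #1 (documents tagged)
STAGE2_OU = "/Offboarding/Stage2-Unshared"   # hypothetical OU #2 (documents unshared)
X_DAYS = 30                                  # the thread's "X days"; value assumed
RETAIN_YEARS = 7                             # time kept in OU #2, from the thread


def stage_for(offboarded, today):
    """Return the stage an offboarded account belongs in on `today`."""
    if today < offboarded:
        return "active"
    if today < offboarded + timedelta(days=X_DAYS):
        return "stage1"
    # 7 years approximated as 7 * 365 days after the move into OU #2.
    if today < offboarded + timedelta(days=X_DAYS + RETAIN_YEARS * 365):
        return "stage2"
    return "review"


def plan(users, today):
    """Emit GAM commands for accounts whose current OU does not match their stage.

    `users` maps email -> (offboard date, current OU path).
    Accounts are suspended and moved, never deleted, so owned files stay reachable.
    """
    target = {"stage1": STAGE1_OU, "stage2": STAGE2_OU}
    cmds = []
    for email, (offboarded, current_ou) in sorted(users.items()):
        stage = stage_for(offboarded, today)
        if stage in target and current_ou != target[stage]:
            cmds.append(f'gam update user {email} org "{target[stage]}" suspended on')
        elif stage == "review":
            cmds.append(f"# {email}: retention elapsed, check owned files before deleting")
    return cmds


# Constructed sample accounts (example.com placeholders).
SAMPLE = {
    "a@example.com": (date(2024, 5, 20), "/Staff"),     # just offboarded
    "b@example.com": (date(2024, 3, 1), STAGE1_OU),     # past X days, still in OU #1
    "c@example.com": (date(2024, 4, 15), STAGE2_OU),    # already in OU #2
}

if __name__ == "__main__":
    print("\n".join(plan(SAMPLE, date(2024, 6, 1))))
```
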

JantechNJ
New Contributor III

I had a similar situation last year. Google stated that as long as the account was deleted within the last 30 days, I could restore the account and move the Drive files. It was only 2 weeks past deletion date and I was able to find and restore the account and move the files. 

Now I see you only have 20 days as per the help doc. Can you see the deleted user's account and just not restore it? If that's the case, are you using a backup option like Kaseya?

When I run gam to find info on the user they don't exist, the admin dashboard doesn't show them in the recently deleted, and vault doesn't have them either. I only am able to see the files the account owned as still available, just can't restore it in this situation. The other situation last year I was able to restore the files by restoring the actual deleted account, even though they were not showing in recently deleted or vault.

Perhaps it was during the transition from 30 (or 28?) days to 20 days now

--
CISSP | LinkedIn | @Phyxiis

Kim_Nilsson
Admin Moderator

The 20 days for restoring a deleted user hasn't changed in a very long time.

I can't even remember a time when it wasn't 20 days.

Restoring deleted user Drive data was also always 25 days, never 30.

With Vault, the amount of time one can recover user-deleted data can be extended to infinity, as long as the user account still exists. When a user account is permanently deleted (after 20 days), then Vault purges their data irrevocably. However, this purge process runs with a delay of 30 days, unless you've set specific retention rules to purge faster.

Also, Vault is not a backup service and cannot under any circumstances restore any data at any time!

What Vault can do is export the retained data in MS Office compatible formatted files or PDFs.

I'm not sure any of this helps anyone in this thread, apart from serving as yet another warning to not delete users with content that should have been stored in a shared drive. 🙂

--
https://wheretofind.me/@NoSubstitute

In a perfect world/organization I would agree, but even then people will be people and store department data in their My Drive because it's "easier" or whatever other rationale... 

My vent is that the data is still there and I have previously recovered data in a similar situation, but this time I cannot, even though GAM sees the data. GAM saw it in the previous situation as well and was able to restore it.

I'm not too bent out of shape, I believe users' data is their responsibility to keep organized and backed up (when outside of an IT-backed up area, i.e. shared drive or file server), not an IT issue.

We don't have a backup for Drive but are looking at potential options for just Shared Drives. As we do similarly with our on-prem Windows file server (we have no backups for end-user workstations folders, as we shouldn't).

--
CISSP | LinkedIn | @Phyxiis