You restored a deleted Microsoft 365 user account, but now that user sees an Access Denied error when trying to open OneDrive files or the OneDrive sync app fails to connect. This happens because the restored user’s security token and OneDrive site permissions are not automatically re-linked by Microsoft 365. This article explains why the access token breaks during deletion and restoration, and provides four specific methods to fix the OneDrive Access Denied error so the user can regain access to their files.
Key Takeaways: Fixing OneDrive Access Denied for Restored Users
- SharePoint admin center > User profile > Edit user profile: Re-link the user’s OneDrive site URL to their restored account.
- SharePoint Online Management Shell cmdlet Set-SPOTenant -RestoreUserOneDrive: Restores the OneDrive site owner permission for a restored user.
- OneDrive admin center > User > Give access: Manually grant site collection administrator rights to the restored user.
- Azure AD > Deleted users > Restore: The restore process must complete fully before OneDrive permissions are re-evaluated.
Why OneDrive Shows Access Denied After a User Restore
When a Microsoft 365 user account is deleted, the user’s OneDrive site is preserved for 93 days, but the user object in Azure Active Directory is removed. The OneDrive site’s permission list still contains the user’s old security identifier, but that SID no longer matches any active account. When you restore the user from the Deleted users list in the Microsoft 365 admin center, Azure AD generates a new SID for the restored account. The old SID on the OneDrive site does not automatically update to the new SID. As a result, SharePoint and OneDrive see the restored user as an unrecognized principal and deny access.
The OneDrive site itself remains online, and other users who had explicit permissions can still access shared content. Only the restored user’s own My Site and personal library are locked. Microsoft 365 does not run any automatic re-linking process when you restore a user. The system expects an admin to manually re-link the user profile to the OneDrive site. Without this step, the user sees Access Denied in the browser, in the OneDrive sync app, and in Office applications that try to open cloud files.
The 93-Day Retention Window
Deleted users’ OneDrive sites are kept for 93 days. During this period, the site is accessible only to the global admin and SharePoint admin. After 93 days, the site is permanently deleted. If you restore the user after the 93-day window, the OneDrive site no longer exists and you cannot recover the files at all. For a restored user to access their OneDrive, the restoration must happen within the retention period.
Steps to Fix OneDrive Access Denied for a Restored User
Use one of the four methods below. Method 1 is the fastest and most reliable. Methods 2 and 3 are alternatives when the SharePoint admin center is not available. Method 4 is the last resort if the user profile is still broken.
Method 1: Re-link the User Profile in SharePoint Admin Center
- Open the SharePoint admin center
Go to https://admin.microsoft.com/SharePoint and sign in as a global admin or SharePoint admin.
- Navigate to User profiles
In the left navigation, select More features, then under User profiles, select Open.
- Manage user profiles
On the User profiles page, select Manage user profiles.
- Find the restored user
In the Find user profile box, type the restored user’s display name or email address and select Find.
- Edit the profile
Select the user’s name, then select Edit from the toolbar.
- Re-link the OneDrive site
Scroll to the Personal site section. In the Personal site URL field, enter the user’s OneDrive URL in this format: https://yourtenant-my.sharepoint.com/personal/username_yourtenant_onmicrosoft_com. Replace yourtenant with your tenant name and username with the user’s email prefix. Select Save.
- Verify access
Ask the user to sign out and sign back into OneDrive. The Access Denied error should be gone.
Method 2: Use SharePoint Online Management Shell
- Install the SharePoint Online Management Shell
If you do not have it, download and install the module from the Microsoft Download Center.
- Connect to SharePoint Online
Open Windows PowerShell as an administrator and run Connect-SPOService -Url https://yourtenant-admin.sharepoint.com. Sign in with a global admin account.
- Restore the OneDrive site owner
Run this command: Set-SPOTenant -RestoreUserOneDrive <user@yourtenant.com>
Replace <user@yourtenant.com> with the restored user’s email address.
- Wait and verify
The command can take up to 24 hours to take effect. After that time, ask the user to sign in to OneDrive and check access.
Method 3: Manually Grant Site Collection Admin Access
- Open the OneDrive admin center
Go to https://admin.onedrive.com and sign in as a global admin.
- Find the user’s OneDrive
In the left navigation, select Users, then search for the restored user. Select the user’s name.
- Give site collection admin access
In the user details pane, select Give access. Add the restored user’s email address and set the permission level to Site collection administrator. Select Save.
- Test access
The user can now sign in to OneDrive directly using the URL https://yourtenant-my.sharepoint.com/personal/username_yourtenant_onmicrosoft_com.
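A scripted version of the Method 3 check and grant, as an added example that is not from the original article. It uses the SharePoint Online Management Shell cmdlets Get-SPOSite, Get-SPOUser and Set-SPOUser; the tenant name, the UPN and the Get-OneDriveUrl helper are placeholders or assumptions, including the rule that the personal site path is the UPN with every non-alphanumeric character replaced by an underscore.

```powershell
# Added example: placeholder values, replace before running.
$Tenant = 'yourtenant'                            # placeholder tenant name
$Upn    = 'username@yourtenant.onmicrosoft.com'   # placeholder restored user

# Hypothetical helper. Assumption: the personal site path is the UPN with
# every non-alphanumeric character replaced by '_', matching the URL format
# shown in Method 1. A UPN renamed after provisioning may not match.
function Get-OneDriveUrl {
    param([string]$Tenant, [string]$Upn)
    $path = $Upn -replace '[^a-zA-Z0-9]', '_'
    "https://${Tenant}-my.sharepoint.com/personal/$path"
}

Connect-SPOService -Url "https://${Tenant}-admin.sharepoint.com"
$url = Get-OneDriveUrl -Tenant $Tenant -Upn $Upn

# Confirm the site still exists before touching permissions. If the
# retention window has passed there is nothing to re-link.
try {
    $site = Get-SPOSite -Identity $url -ErrorAction Stop
} catch {
    throw "No OneDrive site found at $url. $($_.Exception.Message)"
}
Write-Host "Site found. Recorded owner: $($site.Owner)"

# Read the user's current state on the site. The lookup can fail if the
# restored account is not yet known to the site, so treat that as 'not admin'.
$isAdmin = $false
try {
    $user = Get-SPOUser -Site $url -LoginName $Upn -ErrorAction Stop
    $isAdmin = [bool]$user.IsSiteAdmin
} catch {
    Write-Host "Could not read $Upn on the site: $($_.Exception.Message)"
}

if ($isAdmin) {
    Write-Host "$Upn is already a site collection administrator. No change made."
} else {
    # Grant only to the site's own user, not to a shared admin account.
    Set-SPOUser -Site $url -LoginName $Upn -IsSiteCollectionAdmin $true | Out-Null
    $user = Get-SPOUser -Site $url -LoginName $Upn
    Write-Host "Granted. IsSiteAdmin = $($user.IsSiteAdmin)"
}
```

The script changes nothing when the user is already a site collection administrator, so it can be rerun to verify the result.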
Method 4: Remove and Re-add the User as a Site Owner
- Open the OneDrive site as admin
Go to the user’s OneDrive URL and sign in as a global admin.
- Access site permissions
Select the gear icon, then Site permissions. Under Site owners, select the restored user’s entry and remove it.
- Add the user back
Select Add members, then Add members to group. Choose Owners, type the user’s email, and select Share.
- Confirm access
The user should now see their files without the Access Denied error.
If OneDrive Still Has Issues After the Main Fix
OneDrive Sync App Shows Access Denied After Profile Re-link
The sync app caches the old token. Open the OneDrive sync app settings, select Account, then select Unlink this PC. Sign back in using the restored user’s credentials. This forces the sync app to request a new token and recognize the restored permissions.
Restored User Cannot Access Shared Files from Other Users
Shared file permissions are stored separately from the OneDrive site owner list. If the restored user cannot open a file shared by another user, go to the shared file’s location and re-share it. The old share link uses the old SID and does not work after the restore. The sharing owner must remove the restored user’s old entry and add the restored user again.
OneDrive Site Appears as a New Empty Site
If the restored user’s OneDrive site was already deleted by the 93-day retention policy, the site cannot be recovered. The user will see a blank OneDrive. In this case, the only option is to restore the user’s files from a backup or from a previous version if the files were synced to a local device.
User Restore Method vs OneDrive Access Outcome
| Item | Restore from Deleted Users (Azure AD) | Restore with PowerShell (Set-SPOTenant) |
|---|---|---|
| Effect on OneDrive | No automatic re-link; SID mismatch causes Access Denied | Re-adds the user as site owner on the existing OneDrive site |
| Time to implement | Immediate but requires manual profile edit | Up to 24 hours for the change to propagate |
| Admin tool required | SharePoint admin center or OneDrive admin center | SharePoint Online Management Shell |
| Success rate | High when the site is within the 93-day window | High but slower than manual re-link |
Restoring a user from Azure AD always requires a secondary step to reconnect OneDrive. Using the SharePoint admin center profile edit is the fastest method. PowerShell is useful for bulk operations. The OneDrive admin center manual grant works when the site exists but the user is not listed as an owner.
After you complete one of the four methods, the restored user can access their OneDrive files normally. To prevent this issue in the future, consider using the Microsoft 365 admin center’s Restore user workflow that includes the OneDrive re-link step. You can also set up a retention label for OneDrive files so that content is preserved even if the user account is deleted. The quickest fix is always the SharePoint admin center profile edit, which takes less than five minutes.