OneDrive for Business former employee OneDrive access troubleshooting for contractor cleanup: shows access denied

When a contractor or former employee leaves your organization, you may need to access their OneDrive for Business files to complete a cleanup or transfer ownership. However, when you try to open that user’s OneDrive, you see an “Access Denied” error even if you are a global admin. This error occurs because OneDrive permissions are not automatically granted to administrators after the user account is deleted or blocked. This article explains the root cause of the access denied message and provides step-by-step methods to regain access to a former employee’s OneDrive using the Microsoft 365 admin center, PowerShell, or the SharePoint admin center.

Key Takeaways: Regaining Access to a Former Employee’s OneDrive

  • Microsoft 365 admin center > Active users > Former employee’s account: Use the “Give access to OneDrive” option to assign a site collection admin for 30 days.
  • SharePoint admin center > More features > User profiles > Manage user profiles: Find the deleted user and click “Manage site collection owners” to grant access permanently.
  • SharePoint Online Management Shell: Run the Set-SPOUser cmdlet with -Site, -LoginName and -IsSiteCollectionAdmin $true to add yourself as a site collection admin without using the web UI.

Why OneDrive Shows Access Denied for a Former Employee

When a user account is deleted or blocked in Microsoft 365, the OneDrive site for that user enters a special state. The site itself still exists, but the default permission inheritance is removed. By design, no admin account automatically receives access to that site. The only way to gain access is through specific administrative actions. The access denied message appears because your account lacks explicit permissions on the OneDrive site collection. The site is not deleted; it is simply locked from standard browsing until an admin explicitly grants themselves access.

Key Technical Details

The OneDrive site collection for a deleted user retains a unique permission set. The user who owned the site is removed from the site collection administrators group. The site is not indexed by search results for other users. Only global admins or SharePoint admins can perform the steps to add themselves as site collection owners. The site remains in this state for 30 days after account deletion, after which it is moved to the recycle bin and then permanently deleted after 93 days total.

Steps to Access a Former Employee’s OneDrive

Use one of the following methods to grant yourself access. You must be a global admin or SharePoint admin in Microsoft 365 to perform these steps.

Method 1: Give Access via the Microsoft 365 Admin Center

  1. Sign in to the Microsoft 365 admin center
    Go to https://admin.microsoft.com and sign in with your global admin account.
  2. Navigate to Active users
    In the left navigation, select Users then Active users. If the former employee is deleted, they will not appear here. You must restore the user first or use another method.
  3. Restore the deleted user if needed
    Select Deleted users in the left navigation. Find the former employee’s account and click Restore. Wait for the restore to complete. This brings back the user account in a blocked state.
  4. Open the user’s profile
    In Active users, click on the restored user’s name. In the flyout panel, select the OneDrive tab.
  5. Click Give access to OneDrive
    Under “Give access to files”, click Give access to OneDrive. A dialog appears. Enter your own email address or the email of another admin who needs access. Set the duration to 30 days or a custom value up to 30 days. Click Add.
  6. Access the OneDrive site
    After a few minutes, open the OneDrive URL: https://[tenant]-my.sharepoint.com/personal/[user]_[domain]_com. You should now see the files. If the user is deleted again after you finish, you will lose access unless you use the SharePoint admin center method.

Method 2: Use the SharePoint Admin Center for Permanent Access

  1. Sign in to the SharePoint admin center
    Go to https://admin.microsoft.com/SharePoint and sign in with your global admin account.
  2. Open More features
    In the left navigation, select More features. Under “User profiles”, click Open.
  3. Manage user profiles
    In the User profiles page, under the People tab, click Manage user profiles. Search for the former employee’s name or email. The user may appear with a status of “Deleted” or “Blocked”.
  4. Find the OneDrive site URL
    Click the user’s name. In the details pane, look for the Personal site URL. Copy this URL. It will look like https://[tenant]-my.sharepoint.com/personal/[user]_[domain]_com.
  5. Add yourself as a site collection admin
    Open the OneDrive URL in a new browser tab. You will likely see access denied. Append /_layouts/15/people.aspx?MembershipGroupId=0 to the URL. This opens the site permissions page. Click Site permissions then Advanced permissions settings. In the ribbon, click Site Collection Administrators. Add your account and click OK.
  6. Confirm access
    Close the permissions page and navigate to the root OneDrive URL. You should now have full access to all files and folders.

Method 3: Use PowerShell for Bulk or Remote Access

  1. Install the SharePoint Online Management Shell
    Open Windows PowerShell as administrator. Run Install-Module -Name Microsoft.Online.SharePoint.PowerShell. If prompted, confirm the installation.
  2. Connect to SharePoint Online
    Run Connect-SPOService -Url https://[tenant]-admin.sharepoint.com. Sign in with your global admin account.
  3. Get the OneDrive site URL
    Run Get-SPOSite -IncludePersonalSite $true -Filter "Url -like '-my.sharepoint.com/personal/'" -Limit all | Select-Object Url. Find the URL for the former employee. Note the exact URL.
  4. Add yourself as a site collection admin
    Run Set-SPOUser -Site "https://[tenant]-my.sharepoint.com/personal/[user]_[domain]_com" -LoginName "admin@tenant.com" -IsSiteCollectionAdmin $true. Replace the URL and login name with your own.
  5. Verify access
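    Run Get-SPOUser -Site "https://[tenant]-my.sharepoint.com/personal/[user]_[domain]_com" -LoginName "admin@tenant.com" | Select-Object LoginName, IsSiteAdmin. IsSiteAdmin should be True for your account. You can now open the OneDrive URL in a browser.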
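
The steps of Method 3 combined into one script for several departed users, as an added example that is not part of the original article. It also reads the admin flag back after each change, writes a log of every site touched, and shows the matching revoke call, because access granted this way stays until it is manually removed. The tenant URL, UPNs, log file name, the Set-OneDriveAdmin helper and the URL naming rule are assumptions.

```powershell
# Added example (not from the article). Placeholder values: replace before running.
$TenantAdminUrl = 'https://[tenant]-admin.sharepoint.com'   # placeholder form used in step 2
$AdminUpn       = 'admin@tenant.com'                        # account that receives access
$FormerUsers    = @('contractor1@tenant.com', 'contractor2@tenant.com')  # constructed sample UPNs

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url $TenantAdminUrl

# Enumerate personal sites once, with the same filter as step 3.
$PersonalSites = Get-SPOSite -IncludePersonalSite $true -Limit All `
    -Filter "Url -like '-my.sharepoint.com/personal/'"

function Set-OneDriveAdmin {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $UserUpn,
        [Parameter(Mandatory)] [bool]   $Grant
    )
    # Assumption: the personal site URL ends in the UPN with every
    # non-alphanumeric character replaced by "_" (user_domain_com).
    $suffix = '/personal/' + ($UserUpn -replace '[^a-zA-Z0-9]', '_')
    $site = $PersonalSites |
        Where-Object { $_.Url.TrimEnd('/') -like "*$suffix" } |
        Select-Object -First 1

    $result = [pscustomobject]@{
        TimeUtc     = (Get-Date).ToUniversalTime().ToString('o')
        User        = $UserUpn
        Admin       = $AdminUpn
        Action      = $(if ($Grant) { 'grant' } else { 'revoke' })
        Url         = $null
        IsSiteAdmin = $null
        Error       = $null
    }
    if (-not $site) { $result.Error = 'No OneDrive site found'; return $result }
    $result.Url = $site.Url
    try {
        Set-SPOUser -Site $site.Url -LoginName $AdminUpn `
            -IsSiteCollectionAdmin $Grant -ErrorAction Stop | Out-Null
        # Read the flag back instead of trusting that the call succeeded.
        $result.IsSiteAdmin = (Get-SPOUser -Site $site.Url -LoginName $AdminUpn -ErrorAction Stop).IsSiteAdmin
    } catch { $result.Error = $_.Exception.Message }
    $result
}

# Grant access and record every site the admin account was added to.
$FormerUsers | ForEach-Object { Set-OneDriveAdmin -UserUpn $_ -Grant $true } |
    Export-Csv -Path .\onedrive-access-log.csv -NoTypeInformation -Append

# After the files are moved, remove the admin right again:
# $FormerUsers | ForEach-Object { Set-OneDriveAdmin -UserUpn $_ -Grant $false } |
#     Export-Csv -Path .\onedrive-access-log.csv -NoTypeInformation -Append
```

Rows with a value in the Error column, or with IsSiteAdmin not matching the requested action, need a manual check before the cleanup continues.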

If OneDrive Still Shows Access Denied After the Main Fix

The user account was permanently deleted

If the user account was deleted more than 30 days ago, the OneDrive site may already be in the first-stage recycle bin. Go to the SharePoint admin center > Recycle bin. Look for the OneDrive site by name. If it is there, restore it. Then follow Method 2 or 3 to add yourself as a site collection admin.

The OneDrive site was deleted and purged

If the site is not in the recycle bin, it has been permanently deleted. You cannot recover it. In future, set up a retention policy for OneDrive sites in the Microsoft 365 compliance center to preserve data for a longer period.

You see “Something went wrong” instead of access denied

This usually means the OneDrive site URL is incorrect or the site was never provisioned. Verify the personal site URL from the user profile in SharePoint admin center. If the user never created a OneDrive, no site exists to access.

Give Access via Admin Center vs Site Collection Admin: Key Differences

Item | Admin Center Give Access | Site Collection Admin via SharePoint
Duration of access | Up to 30 days, then automatically removed | Permanent until manually removed
User account required | User must be in Active users (restored if deleted) | User can be deleted or blocked
Permission level granted | Site collection admin for the specified duration | Full site collection admin
Interface location | Microsoft 365 admin center > Users > Active users > user profile > OneDrive tab | SharePoint admin center > More features > User profiles > Manage user profiles
Best for | Quick cleanup within 30 days of departure | Long-term data migration or legal hold

Use the admin center method for short-term access during contractor offboarding. Use the site collection admin method when you need to keep access for more than 30 days or when the user account is already permanently deleted.

You can now access a former employee’s OneDrive by using the Microsoft 365 admin center for temporary access or the SharePoint admin center for permanent access. After gaining access, move the files to a shared location or archive them using the OneDrive sync app or the SharePoint Migration Tool. For future contractor offboarding, create a standard operating procedure that includes adding a site collection admin before deleting the user account. This prevents access denied errors and keeps your data cleanup process on schedule.
