OneDrive for Business former employee OneDrive access troubleshooting for department transfers: shows access denied

When a department transfer occurs, the former employee’s OneDrive for Business may become inaccessible to the new owner or manager, displaying an access denied message. This typically happens because OneDrive site permissions are not automatically updated during a user account change in Microsoft 365. In this article, you will learn how to troubleshoot the access denied error, restore access to the former employee’s OneDrive, and prevent similar issues during future transfers.

Why Access Denied Appears After a Department Transfer

The access denied error occurs because OneDrive for Business sites are tied to a specific user’s license and profile. When an employee transfers to a different department, their Microsoft 365 account may be renamed, deleted, or have its license reassigned. The OneDrive site retains its original permissions, which only grant access to the original user. If the account is deleted, the site becomes orphaned, and no other user can access it without administrative intervention.

Another common cause is the removal of the former employee’s user profile from the SharePoint User Profile Service. The SharePoint admin console manages OneDrive sites through user profiles. If the profile is deleted, the corresponding OneDrive site cannot be accessed, even by global admins, until the site is manually reassigned.

Role of the User Profile Service

The SharePoint User Profile Service stores a unique identifier for each user, which is linked to their OneDrive site URL. When a user is transferred or deactivated, the profile may be removed from the User Profile Service if the account is deleted from Azure Active Directory. Without this profile link, the OneDrive site becomes inaccessible and shows access denied for any new owner.

Permission Inheritance and Site Collection Ownership

OneDrive sites do not inherit permissions from the parent SharePoint tenant. Each site has its own permission set, with the original user as the Site Collection Administrator. During a department transfer, the new owner must be explicitly added as a Site Collection Administrator or given Full Control permissions. If this step is skipped, the new owner sees access denied.

Steps to Restore Access to a Former Employee’s OneDrive

1. Verify the former employee’s account status
   Open the Microsoft 365 admin center at admin.microsoft.com. Go to Users > Active users. Locate the former employee’s account. If the account is deleted, restore it within 30 days by selecting Deleted users > Restore user. If the account is active but blocked, unblock sign-in. The account must be active to proceed with the transfer.
2. Use the Transfer OneDrive tool
   In the admin center, go to Users > Active users. Select the former employee’s name. In the user details pane, choose OneDrive. Click Transfer OneDrive files. In the dialog, enter the new owner’s email address. Click Start transfer. Wait for the transfer to complete. This moves all files to the new owner’s OneDrive and grants the new owner access to the former employee’s OneDrive site.
3. Confirm the new owner has permissions
   After the transfer, open the SharePoint admin center at admin.microsoft.com/sharepoint. Go to More features > User profiles > Manage user profiles. Search for the former employee’s name. Ensure the profile shows as active. If the profile is missing, the transfer may not have fully completed. In that case, use PowerShell to add the new owner as a Site Collection Administrator on the former employee’s OneDrive site.
4. Use PowerShell to add the new owner as Site Collection Administrator
   Open SharePoint Online Management Shell as an administrator. Connect to SharePoint by running: Connect-SPOService -Url https://[tenant]-admin.sharepoint.com Replace [tenant] with your tenant name. Run: Set-SPOUser -Site https://[tenant]-my.sharepoint.com/personal/[former_employee_upn] -LoginName [new_owner_upn] -IsSiteCollectionAdmin $true Replace the URLs and UPNs with actual values. This grants the new owner full administrative access to the site.
5. Set the new owner as the primary site collection administrator
   If the former employee’s account is still active, you can change the primary administrator. Run: Set-SPOSite -Identity https://[tenant]-my.sharepoint.com/personal/[former_employee_upn] -Owner [new_owner_upn] This makes the new owner the primary owner of the OneDrive site. The former employee will lose ownership but can still access files if they have explicit permissions.

If OneDrive Still Shows Access Denied After the Transfer

The former employee’s OneDrive site URL is not accessible by any admin

If global admins receive access denied when navigating directly to the former employee’s OneDrive URL, the site may be orphaned. Use the SharePoint admin center to check for orphaned sites. Go to More features > Sites > Active sites. Search for the former employee’s OneDrive URL. If the site appears in the list, select it and click Permissions. Add the global admin account with Full Control. If the site does not appear, run the PowerShell command: Get-SPOSite -IncludePersonalSite $true | Where-Object {$_.Owner -eq $null} This lists orphaned sites. Use Set-SPOSite to assign a new owner.

Access denied for the new owner on specific files or folders

The transfer tool moves files but may not copy unique permissions on individual items. If the new owner can access the OneDrive site but sees access denied on certain files, those files have custom permissions. The new owner must take ownership of those items. Instruct the new owner to open the file in OneDrive, click Manage access, and add their account with Full Control. Alternatively, use the SharePoint admin center to break permission inheritance on the item and grant the new owner Full Control.

The new owner cannot see the transferred files in their own OneDrive

The transfer tool creates a folder named “Transferred from [former employee name]” inside the new owner’s OneDrive. If the new owner does not see this folder, the transfer may still be processing. Check the transfer status in the admin center under Users > Active users > [former employee] > OneDrive > Transfer status. If the transfer failed, ensure both accounts have active licenses and enough storage space. Re-run the transfer after resolving issues.

Transfer OneDrive Tool vs Manual Permission Assignment: Key Differences

Item	Transfer OneDrive Tool	Manual Permission Assignment
Description	Built-in admin tool that moves files to another user’s OneDrive and grants access	Manually adding the new owner as Site Collection Administrator without moving files
File location after action	Files are copied to the new owner’s OneDrive	Files remain in the former employee’s OneDrive
Permissions granted	New owner gets Full Control on the former employee’s site and owns the copied files	New owner gets Site Collection Administrator rights on the former employee’s site
Best for	Permanent departures or transfers where the former employee will not need access	Temporary access or when files must stay in the original location
Time to complete	Several minutes to hours depending on file size	Minutes
License requirement	Both users need active OneDrive licenses	Only the former employee needs an active license

After restoring access, confirm the new owner can open the OneDrive site and all files. Test by navigating to the former employee’s OneDrive URL directly. The new owner should see the full file list without any access denied errors. If issues persist, check the SharePoint admin center for any retention policies or compliance holds that may restrict access. Use the Microsoft 365 admin center to delegate OneDrive administration to a specific user, such as a department manager, to avoid future access problems during transfers.