OneDrive for Business former employee OneDrive access shows access denied for executive files: Fix Guide

When a former employee’s OneDrive for Business account is deleted or disabled, attempts to access executive files stored in that account often return an access denied error. This happens because the account no longer exists in Microsoft Entra ID and the sharing permissions are revoked automatically. The executive files remain in the former employee’s OneDrive but are not directly accessible through normal sharing links or direct sign-in. This guide explains why the access denial occurs and provides the exact steps to recover those files using Microsoft 365 admin tools.

Key Takeaways: Recover Executive Files from a Former Employee’s OneDrive

  • Microsoft 365 admin center > User management > Deleted users: Restore the former employee account within 30 days to regain access to OneDrive files.
  • SharePoint admin center > More features > User profiles > Manage user profiles: Assign yourself as the site collection admin of the former employee’s OneDrive site to bypass access denied errors.
  • Microsoft 365 admin center > Setup > Org settings > OneDrive > Retention: Set OneDrive retention to at least 30 days to prevent permanent data loss after employee departure.

Why Access Denied Appears for Executive Files in a Former Employee’s OneDrive

When an employee leaves the organization, an admin typically deletes or disables their Microsoft 365 user account. This action removes the user object from Microsoft Entra ID and revokes all access tokens, licenses, and sharing permissions associated with that account. Any files stored in the employee’s OneDrive for Business remain in the site collection, but the original owner no longer exists to grant permissions.

Executive files are often shared with the former employee through direct sharing links or co-authoring permissions. Once the account is deleted, those permissions are invalidated because the security principal (the user account) no longer exists in the directory. The files themselves are not deleted immediately; they are moved to the OneDrive recycle bin and eventually to the site collection recycle bin if the account deletion triggers the retention policy.

The access denied error occurs in two common scenarios:

  • An executive tries to open a file shared from the former employee’s OneDrive and receives “Access Denied” or “You don’t have permission.”
  • An admin attempts to browse the former employee’s OneDrive via the SharePoint admin center and sees “Sorry, this site hasn’t been shared with you.”

The root cause is the missing user object. Without the user object, Microsoft 365 cannot resolve the sharing permissions, and the files become orphaned. The fix requires re-establishing administrative access to the site collection or restoring the user account temporarily.

Steps to Fix Access Denied and Recover Executive Files

Choose the method that matches how long ago the account was deleted. If the account was deleted within the last 30 days, start with Method 1. If the account was deleted more than 30 days ago, skip to Method 2.

Method 1: Restore the Deleted User Account

  1. Open the Microsoft 365 admin center
    Go to https://admin.microsoft.com and sign in with a Global admin or User management admin account.
  2. Navigate to Deleted users
    In the left navigation, select Users then Deleted users. A list of users deleted within the last 30 days appears.
  3. Select the former employee
    Find the former employee’s display name and click it. The user properties pane opens.
  4. Restore the user
    Click Restore user. Confirm the restore action. The account is reactivated, and the user object is re-created in Microsoft Entra ID. It can take up to 24 hours for all permissions to propagate.
  5. Verify access to OneDrive
    After the account is restored, the executive can access the shared files again using the original sharing link. The admin can also browse the former employee’s OneDrive by navigating to https://[tenant]-my.sharepoint.com/personal/[user_principal_name].

Method 2: Assign Yourself as Site Collection Admin of the Former Employee’s OneDrive

Use this method if the account cannot be restored (deleted more than 30 days ago) or if you need immediate access without restoring the user.

  1. Open SharePoint admin center
    Go to https://admin.microsoft.com/SharePoint and sign in with a Global admin or SharePoint admin account.
  2. Go to More features
    In the left navigation, select More features. Under User profiles, click Open.
  3. Manage user profiles
    In the User profiles page, under People, click Manage user profiles. A search box appears.
  4. Find the former employee’s profile
    Type the former employee’s full name or user principal name in the search box and click Find. The profile appears in the results.
  5. Open the OneDrive site collection
    Hover over the profile and click the dropdown arrow. Select Manage site collection owners. A new window opens with the site collection URL.
  6. Add yourself as a site collection admin
    In the Site Collection Administrators box, type your email address and click Add. Click OK. You now have full control over the former employee’s OneDrive site.
  7. Browse and recover files
    Open the site collection URL in your browser. You can now view, download, or move the executive files to a different location. Use the document library to copy files to a secure executive folder or to another OneDrive.
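
The same site collection admin assignment can be done from the SharePoint Online Management Shell, which also makes it easy to remove the elevated access once the files are copied. This is an added example, not part of the original guide; the tenant name, OneDrive URL, and recovery account below are placeholders.

```powershell
# Added example: time-boxed site collection admin access to a former
# employee's OneDrive. All three values below are placeholders.
$AdminUrl    = 'https://contoso-admin.sharepoint.com'
$OneDriveUrl = 'https://contoso-my.sharepoint.com/personal/former_employee_contoso_com'
$Recoverer   = 'recovery.admin@contoso.com'

# Sign in as a Global admin or SharePoint admin
Connect-SPOService -Url $AdminUrl

# Grant site collection admin rights on the OneDrive site (Method 2, step 6)
Set-SPOUser -Site $OneDriveUrl -LoginName $Recoverer -IsSiteCollectionAdmin $true
Write-Output "$(Get-Date -Format o) granted site collection admin on $OneDriveUrl to $Recoverer"

try {
    # While access is held, list every account with site collection admin
    # rights so that unexpected owners of the executive files are visible.
    Get-SPOUser -Site $OneDriveUrl -Limit All |
        Where-Object { $_.IsSiteAdmin } |
        Select-Object LoginName, DisplayName |
        Format-Table -AutoSize

    # Copy or move the files in the browser, then continue
    Read-Host 'Press Enter when the files have been recovered' | Out-Null
}
finally {
    # Remove the elevated access even if the session is interrupted
    Set-SPOUser -Site $OneDriveUrl -LoginName $Recoverer -IsSiteCollectionAdmin $false
    Write-Output "$(Get-Date -Format o) removed site collection admin on $OneDriveUrl from $Recoverer"
}
```

The two timestamped lines give a record of when the access was held, which can be attached to the change ticket for the recovery.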

If Access Denied Persists After These Fixes

The OneDrive Site Collection Was Deleted

If the user account was deleted more than 30 days ago and the OneDrive site collection retention period has expired, the site collection itself may be permanently deleted. In this case, recovery is not possible through admin tools. Check the SharePoint admin center under Deleted sites to see if the site collection still exists in the second-stage recycle bin. If it is there, you can restore it within 93 days of deletion by selecting the site and clicking Restore.

The Executive Files Were Shared via External Sharing

If the executive shared files with the former employee using external sharing links that require sign-in, those links will also fail after the account deletion. The only way to recover those files is through the administrative access methods described above. After gaining access, re-share the files using new sharing links from the executive’s own OneDrive or SharePoint library.

OneDrive Retention Policy Is Set to 0 Days

If your organization’s OneDrive retention policy is set to 0 days, the site collection is deleted immediately when the user account is deleted. To prevent this in the future, go to Microsoft 365 admin center > Setup > Org settings > OneDrive > Retention and set the retention period to at least 30 days. This gives admins a window to recover files after an employee departs.
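
The checks described under "The OneDrive Site Collection Was Deleted" and "OneDrive Retention Policy Is Set to 0 Days" can be run together from the SharePoint Online Management Shell to decide which recovery path is still open. This is an added example, not part of the original guide; the tenant name and OneDrive URL are placeholders.

```powershell
# Added example: triage a former employee's OneDrive before attempting recovery.
# Both values below are placeholders.
$AdminUrl    = 'https://contoso-admin.sharepoint.com'
$OneDriveUrl = 'https://contoso-my.sharepoint.com/personal/former_employee_contoso_com'

Connect-SPOService -Url $AdminUrl

# 1. Tenant-wide retention (in days) for the OneDrive of a deleted user
$retentionDays = (Get-SPOTenant).OrphanedPersonalSitesRetentionPeriod
Write-Output "OneDrive retention for deleted users: $retentionDays days"
if ($retentionDays -lt 30) {
    Write-Warning 'Retention is below the 30 days this guide recommends.'
}

# 2. Is the site collection still active?
$site = $null
try {
    $site = Get-SPOSite -Identity $OneDriveUrl -ErrorAction Stop
}
catch {
    Write-Output 'Site not found among active sites; checking deleted sites.'
}

if ($site) {
    Write-Output "Site is active (owner: $($site.Owner)). Assign a site collection admin to recover files."
}
else {
    # 3. Is it waiting in the deleted sites list?
    $deleted = Get-SPODeletedSite -IncludeOnlyPersonalSite -Limit All |
        Where-Object { $_.Url -eq $OneDriveUrl }

    if ($deleted) {
        Write-Output "Deleted on $($deleted.DeletionTime); $($deleted.DaysRemaining) days left to restore."
        # To restore it, run:
        # Restore-SPODeletedSite -Identity $OneDriveUrl
    }
    else {
        Write-Output 'Site is not in the deleted sites list; it cannot be recovered with admin tools.'
    }
}
```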

Account Restoration vs Site Collection Admin: Key Differences

| Item | Restore Deleted User Account | Assign Site Collection Admin |
|---|---|---|
| Prerequisite | Account deleted within 30 days | OneDrive site collection still exists |
| Time to complete | Up to 24 hours for full propagation | Immediate |
| Permanent impact | Reactivates the user account and license | No user account changes; only admin access |
| Best for | Executives who need original sharing links to work again | Admins who need to recover files without restoring the user |

You can now recover executive files from a former employee’s OneDrive using either account restoration or site collection admin assignment. After gaining access, move the files to a dedicated executive archive or a shared team site to prevent future orphaned data. Configure OneDrive retention to at least 30 days in the Microsoft 365 admin center to maintain a recovery window for all departing employees.