When a department transfer occurs and a former employee’s OneDrive shows access denied, the root cause is typically a mismatch between the user account’s state and the OneDrive site’s permission inheritance. OneDrive for Business sites are automatically provisioned with unique permissions tied to the original owner’s account. If the account is disabled, deleted, or moved to a different organizational unit without proper permission reassignment, all delegated access breaks. This article explains exactly why the access denied error appears during department transfers and provides a step-by-step checklist to restore access without data loss.
Key Takeaways: Restoring Access to a Former Employee’s OneDrive After a Department Transfer
- Microsoft 365 admin center > Users > Active users > select user > OneDrive tab: Directly set the site’s secondary owner or grant site collection admin access.
- SharePoint admin center > Sites > Active sites > select OneDrive URL > Permissions: Add the new manager or IT admin as a site collection administrator.
- PowerShell cmdlet Set-SPOUser -Site: Bulk-assign site collection admin rights to multiple OneDrive sites for transferred employees.
Why a Department Transfer Causes Access Denied on a Former Employee’s OneDrive
Each OneDrive for Business site is a special SharePoint site collection with unique permissions. By default, only the original owner has full control. When an employee transfers to a different department, the IT team often disables the old account or moves it to a blocked security group. This action removes the owner’s ability to grant access through the OneDrive sharing interface. If the new manager or department admin tries to open the site, SharePoint returns an access denied error because the user’s token does not have explicit permission to the site collection.
The access denied error is not a sign of data corruption. It is a permission inheritance issue. OneDrive sites do not inherit permissions from the parent SharePoint tenant. Each site has its own permission set. When the original owner’s account is disabled or deleted, any delegated access (shared with specific users) remains, but no one has administrative rights to change permissions. The new manager sees access denied because they were never added as a site collection administrator or secondary owner.
Another common cause is the OneDrive site being placed in a legal hold or retention policy that blocks permission changes. In that scenario, even global admins cannot modify permissions until the hold is removed. This article focuses on the standard department transfer scenario where the account is disabled but the site is still active.
Checklist to Restore OneDrive Access for a Transferred Employee
Use the following steps in order. Do not skip step one unless you are certain the original owner’s account is permanently deleted.
- Verify the original owner’s account state in the Microsoft 365 admin center
Go to Microsoft 365 admin center > Users > Active users. Search for the former employee. If the account is listed as Disabled or Blocked, re-enable it temporarily. This step is required to reassign permissions through the OneDrive interface. If the account is deleted, skip to step 3. - Add the new manager as a site collection admin via the OneDrive tab
In the same user’s properties, select the OneDrive tab. Under Access, click Create link to files or Manage access. Add the new manager’s email address and assign Can edit permissions. Alternatively, click Add site collection admin and enter the new manager’s email. This grants full administrative control. - Use the SharePoint admin center if the account is deleted
Go to SharePoint admin center > Sites > Active sites. Locate the OneDrive site by its URL pattern:https://[tenant]-my.sharepoint.com/personal/[user_upn]. Select the site, then click Permissions. Under Site collection administrators, click Add site collection admin. Enter the new manager’s email and save. - Grant site collection admin via PowerShell for bulk transfers
Open the SharePoint Online Management Shell as an administrator. RunConnect-SPOService -Url https://[tenant]-admin.sharepoint.com. Then runSet-SPOUser -Site https://[tenant]-my.sharepoint.com/personal/[user_upn] -LoginName [new_manager_email] -IsSiteCollectionAdmin $true. Replace the bracketed values with actual tenant, user UPN, and manager email. This method works even if the original owner’s account is deleted, as long as the site exists. - Verify the new manager can access the OneDrive
Ask the new manager to navigate to the OneDrive URL directly. They should see the file list without an access denied error. If the error persists, check the site’s permission inheritance. Go to SharePoint admin center > Sites > Active sites, select the OneDrive site, click Permissions, and ensure Unique permissions is selected. If it shows Inherited, change it to Unique permissions and re-add the manager.
If OneDrive Still Shows Access Denied After the Main Fix
The OneDrive site is under a legal hold or retention policy
If the site is placed under a Microsoft 365 retention policy or legal hold, permission changes are blocked. To verify, go to Microsoft Purview compliance portal > Data lifecycle management > Retention policies. Check if any policy applies to the former employee’s OneDrive. If a hold is active, remove the hold or exclude the site from the policy before reassigning permissions. Note that removing a hold may affect compliance requirements.
The new manager’s account lacks the SharePoint Online license
A user must have a SharePoint Online license assigned to access any OneDrive site. In the Microsoft 365 admin center, go to Users > Active users, select the new manager, and check their Licenses and apps tab. Ensure SharePoint Online (Plan 2) or SharePoint Online (Plan 1) is enabled. If not, assign the license and wait 15 minutes before retrying access.
The OneDrive site was deleted and is in the recycle bin
When a user account is deleted, the OneDrive site is moved to the SharePoint admin center recycle bin after 30 days. Go to SharePoint admin center > Sites > Deleted sites. Search for the OneDrive URL. If it appears, select it and click Restore. After restoration, follow step 3 or 4 in the checklist above to grant access. Sites in the recycle bin cannot have permissions modified.
OneDrive Permission Assignment Methods: Comparison of Access Recovery Approaches
| Item | Microsoft 365 Admin Center OneDrive Tab | SharePoint Admin Center Site Permissions | PowerShell Set-SPOUser |
|---|---|---|---|
| Best for | Single user, account still active | Single user, account deleted or disabled | Bulk operations, multiple sites |
| Permission level assigned | Can edit or site collection admin | Site collection admin | Site collection admin |
| Requires original owner’s account active | Yes | No | No |
| Steps to complete | 3 clicks after locating user | 4 clicks after locating site | 2 PowerShell commands |
After completing the checklist, the new manager will have full access to the former employee’s OneDrive files. Next, consider moving the files to the new manager’s own OneDrive or a shared team site to avoid future permission issues. An advanced tip: use the SharePoint Migration Tool to transfer the entire OneDrive content to a SharePoint document library in the new department’s site collection, which centralizes permissions under the new team’s structure.