When an executive tries to open a file stored in a former employee’s OneDrive for Business, the system displays an access denied error. This happens because the former employee’s account is disabled or deleted, and the default sharing permissions on their OneDrive content are no longer valid. Microsoft 365 retains the files for a period after account deletion, but access requires explicit permission assignment or a site collection administrator role. This article explains the root cause, the steps to restore access, and related failure patterns for executive file recovery.
Key Takeaways: Restoring Access to a Former Employee’s OneDrive Files
- Microsoft 365 admin center > User management > Active users: Check if the former employee account is deleted or disabled before proceeding with file recovery.
- Microsoft 365 admin center > SharePoint admin center > More features > User profiles > Manage user profiles: Find the former employee and use the Delete User Profile action to enable the OneDrive retention policy.
- Microsoft 365 admin center > SharePoint admin center > More features > User profiles > Manage user profiles > Manage site collection owners: Add an executive as a site collection owner of the former employee’s OneDrive site to grant full access.
Why Access Denied Occurs on a Former Employee’s OneDrive Files
When a user account is deleted from Microsoft 365, the associated OneDrive site enters a retention period. During this period, the site exists but the original owner no longer has an active identity. Any files that were shared with the former employee but not reshared to the executive lose their permission chain because the sharing link relied on the former employee’s account. The executive sees access denied because the file’s access control list does not include the executive’s user object.
The OneDrive retention policy in Microsoft 365 keeps the site for 30 days by default after account deletion. An administrator can extend this period up to 365 days. If the account was merely disabled rather than deleted, the files remain but the executive may still see access denied if the files were not explicitly shared with them. The former employee must have shared the files individually or the executive must be added as a site collection administrator to bypass per-file permissions.
Steps to Grant an Executive Access to a Former Employee’s OneDrive
- Verify the account status
Sign in to the Microsoft 365 admin center. Go to Users > Active users. Search for the former employee. If the account appears as Deleted, proceed to step 2. If the account is Disabled, you can re-enable it temporarily or skip to step 4 to add the executive as a site collection owner. - Restore or confirm the OneDrive retention period
In the admin center, go to SharePoint admin center > More features > User profiles. Under People, select Manage user profiles. Search for the former employee by name or user principal name. Select the profile and click Delete user profile. This action does not delete the OneDrive data. Instead, it triggers the retention policy. After deletion, the OneDrive site enters a 30-day retention window where administrators can still access it. - Access the former employee’s OneDrive site
In the SharePoint admin center, go to Sites > Active sites. Locate the site named OneDrive –. Copy the site URL. Open a browser and paste the URL. If you are a global administrator or SharePoint admin, you can access the site directly. If you receive access denied, proceed to step 4. - Add the executive as a site collection owner
In the SharePoint admin center, go to Sites > Active sites and select the former employee’s OneDrive site. Click Permissions. Under Site collection administrators, click Manage administrators. Add the executive’s user account. Click Save. The executive can now access all files in the site, including those previously shared only with the former employee. - Transfer files to the executive’s own OneDrive
Have the executive sign in to the former employee’s OneDrive site using the URL. Select the files or folders needed. Click Copy to or Move to and choose the executive’s own OneDrive. This ensures the files are under the executive’s control and will not be lost when the retention period expires.
If OneDrive Still Shows Access Denied After Adding the Executive as Owner
The retention period has expired
If the retention period ended, the OneDrive site is permanently deleted. Recover it within 93 days of deletion using the SharePoint admin center. Go to Sites > Deleted sites. Select the site and click Restore. After restoration, add the executive as a site collection owner using the same method described in step 4 above.
The file was shared with a specific user group that does not include the executive
Some files may have been shared with a Microsoft 365 group or security group that the executive does not belong to. As a site collection owner, the executive can override this by opening the file, clicking Share, and adding themselves directly. If the executive cannot edit permissions, use the SharePoint admin center to grant the executive Full Control permission level on the site.
The former employee’s OneDrive site was not provisioned
If the former employee never opened OneDrive, no site exists. In this case, no files were stored. The executive must check other data sources such as email attachments or shared drives. To prevent this, configure a default OneDrive site for every new user via the OneDrive admin settings.
| Item | Adding Executive as Site Collection Owner | Using Data Retention Policy to Extend Access |
|---|---|---|
| Description | Grants the executive full control over all files in the former employee’s OneDrive site | Extends the time the site exists after account deletion, allowing administrators to access files |
| When to use | When the executive needs ongoing access to multiple files | When the retention period is about to expire and more time is needed to transfer files |
| Permission level | Site collection owner | Global admin or SharePoint admin required to set the retention policy |
| Effect on other users | Does not affect other users unless explicitly shared | Does not affect other users |
| Recovery after deletion | Requires site restoration first | Requires site restoration first |
You now have the steps to grant an executive access to a former employee’s OneDrive files when access denied appears. Start by verifying the account status and retention period, then add the executive as a site collection owner. To prevent future access issues, configure a default OneDrive retention period of at least 90 days in the OneDrive admin settings and train executives to use the Copy to command to move important files to their own OneDrive immediately after a colleague departs.