OneDrive for Business former employee OneDrive access troubleshooting for HR handover: shows access denied

When an HR administrator tries to access a former employee’s OneDrive for a handover, the browser often shows an Access Denied error. This usually happens because the OneDrive site has been automatically locked or deleted after the employee’s Microsoft 365 account was disabled or removed. The error is not a simple permission issue — it reflects the lifecycle state of the OneDrive site itself. This article explains why the access denied error occurs, how to restore access for a handover, and what to do if the OneDrive is already deleted.

Why Access Denied Appears for a Former Employee’s OneDrive

When an employee leaves the organization, the IT or HR team typically disables or deletes the user account in the Microsoft 365 admin center. This action triggers a lifecycle event for the user’s OneDrive site. Microsoft automatically locks the OneDrive site 30 days after the user account is deleted. Before that 30-day mark, the site remains accessible to administrators. After 30 days, the site is moved to the SharePoint recycle bin and eventually permanently deleted after 93 days total.

The Access Denied error occurs in two common scenarios:

Scenario 1: User Account Is Disabled but Not Deleted

If the user account is disabled in Microsoft 365, the OneDrive site still exists but the site permissions may break. The HR administrator might not have explicit access to the site. The site inherits permissions from the user’s account, and disabling the account can cause the site to become orphaned from the permission model.

Scenario 2: User Account Is Deleted

Deleting the user account immediately removes the site owner. The OneDrive site enters a locked state. Only the SharePoint admin or Global admin can access it. If the admin tries to open the site URL directly, the browser shows Access Denied because the site requires an explicit site collection admin assignment.

Steps to Restore OneDrive Access for HR Handover

Use one of the following methods depending on the current state of the user account and the OneDrive site.

Method 1: Reactivate the Deleted User Account Within 30 Days

If the user account was deleted less than 30 days ago, reactivate it to unlock the OneDrive site automatically. This is the fastest method.

1. Open the Microsoft 365 admin center
   Go to admin.microsoft.com and sign in with a Global admin or User management admin account.
2. Navigate to Deleted users
   In the left navigation, select Users and then Deleted users.
3. Find the former employee
   Locate the user in the list. If you see many entries, use the search box to filter by email or display name.
4. Restore the user account
   Select the user and click Restore user. Confirm the restore action. The account will be reactivated with its original licenses if available.
5. Access the OneDrive site
   Wait 5 to 10 minutes for the site to unlock. Open the OneDrive URL directly: https://yourtenant-my.sharepoint.com/personal/user_yourtenant_com.

Method 2: Assign a Site Collection Admin to the Locked OneDrive Site

If the user account is disabled but not deleted, or if you cannot reactivate the account, assign yourself as a site collection admin on the OneDrive site.

1. Open the SharePoint admin center
   Go to admin.microsoft.com and select SharePoint from the admin centers list. Alternatively, go directly to https://yourtenant-admin.sharepoint.com.
2. Go to Active sites
   In the left navigation, select Sites and then Active sites.
3. Find the former employee’s OneDrive site
   Type the user’s name or email in the search box. The site URL contains /personal/ followed by the user’s email prefix.
4. Open site permissions
   Select the site by clicking its row. In the command bar at the top, click Permissions.
5. Add a site collection admin
   Under Site collection administrators, click Add site collection admins. Enter your email address or the HR administrator’s email. Click Save.
6. Access the OneDrive site
   Open the site URL. You should now see the content without an Access Denied error.

Method 3: Delete the User Profile to Reset the Site Lock

When the user account is disabled but the OneDrive site still shows Access Denied, the user profile may be corrupted or stuck. Deleting the user profile from SharePoint forces the site to re-evaluate permissions.

1. Open the SharePoint admin center
   Go to admin.microsoft.com and select SharePoint.
2. Go to More features
   In the left navigation, select More features.
3. Open User profiles
   Under User profiles, click Open.
4. Manage user profiles
   In the User Profiles service application, click Manage user profiles.
5. Find and delete the profile
   Search for the former employee’s name. Select the profile and click the arrow next to it, then choose Delete. Confirm the deletion.
6. Wait for the profile to be removed
   This process can take up to 24 hours. After the profile is deleted, the OneDrive site becomes accessible to administrators through the SharePoint admin center.

If the OneDrive Site Is Already Deleted

If more than 30 days have passed since the user account was deleted, the OneDrive site may be in the SharePoint recycle bin. You can restore it within 93 days from the deletion date.

Restore from the SharePoint Recycle Bin

1. Open the SharePoint admin center
   Go to admin.microsoft.com and select SharePoint.
2. Go to Deleted sites
   In the left navigation, select Sites and then Deleted sites.
3. Find the OneDrive site
   Search for the user’s email or site URL. Sites in the recycle bin have a status of Deleted.
4. Restore the site
   Select the site and click Restore. The site will be moved back to Active sites.
5. Assign a site collection admin
   Follow Method 2 to assign yourself as a site collection admin on the restored site.

Common Issues When Accessing Former Employee OneDrive

Access Denied Even After Assigning Site Collection Admin

The site may still be locked if the user profile is corrupted. Use Method 3 to delete the user profile. Also verify that you are using a Global admin or SharePoint admin account. Site collection admin rights are inherited from the user account, but the site lock can override permissions.

OneDrive URL Returns 404 Not Found

This usually means the OneDrive site was permanently deleted after 93 days. Microsoft does not retain any data beyond this period. If you need the data, you must restore from a backup solution or eDiscovery export if the data was preserved in a legal hold.

Cannot Find the OneDrive Site in SharePoint Admin Center

The site may not appear in Active sites if the user account was never licensed for OneDrive. Check that the user had a SharePoint Online or OneDrive license assigned. If the user never used OneDrive, no site exists.

User Account State vs OneDrive Site Access: Comparison

Item	User Account Active	User Account Disabled	User Account Deleted
OneDrive site status	Unlocked	Locked after 30 days	Locked immediately
Admin access via URL	Works if admin has permissions	Shows Access Denied	Shows Access Denied
Restore method	Assign site collection admin	Delete user profile or assign admin	Restore user account within 30 days
Data retention window	Indefinite while account is active	30 days from disable	93 days from deletion

After restoring access, the HR administrator can download or copy the files needed for the handover. To avoid future access denied errors, create a formal offboarding process that includes transferring OneDrive data before the user account is disabled. Use the Microsoft 365 admin center > Users > Active users to assign a delegate or transfer ownership of the OneDrive site before deprovisioning the account. For ongoing access, consider using the SharePoint admin center to add the HR team as site collection admins on all former employee OneDrive sites within the first 30 days after departure.