OneDrive: Deleted user retention
As part of ongoing user management, this question comes up from time to time:
What happens to a user’s OneDrive library when their account is deleted?
The short answer is that user data is retained for 60 days after their account is deleted, and is irretrievable after that. During that time, the data can be retrieved by the user’s manager, or by a secondary site collection admin. It’s important to note that the OneDrive cleanup process ONLY happens on user account deletion, not when the account is disabled or its license(s) are removed.
Here’s the process:
- By default, when a user account is deleted, ownership of their OneDrive library is assigned to their manager. For this to work, however, several things have to be in place beforehand.
  a. The Manager field needs to be populated in AD.
  b. Access Delegation needs to be enabled in SharePoint Online, as indicated in the following screenshot. Note that this is a global setting that will be applied for all users, and is recommended as a best practice.
  c. A secondary owner or site collection admin can be assigned on this page as well, allowing for further control or access to be provided for a deleted user.
- Once a user profile has been deleted, a timer job runs which marks the account for deletion in AD, and flags the OneDrive library for deletion in 30 days. If the Manager field is populated, they will receive a notification at this point that the site will be deleted in 30 days, so they can go and retrieve any data and save it elsewhere. If the Manager field isn’t populated, the notification will go to the Secondary Owner, or Secondary Site Collection Administrator. If none of these 3 fields is filled out, the workflow will continue below, but no email notifications will be sent.
- After 23 days, the Manager / Secondary Owner / Secondary Site Collection Admin will receive a final notification that the library will be deleted in 7 days.
- 30 days after the user has been deleted from AD, their OneDrive library is deleted, and moved to the Site Collection Recycle Bin.
- After another 30 days (60 days from user deletion in AD), the OneDrive library is cleared from the Site Collection Recycle Bin.
What about if the account is disabled in AD?
If a user has been disabled in AD (but not deleted), the account status in Office 365 changes to Blocked, and the user’s OneDrive site collection is not accessible until an administrator takes ownership of it.
In the case of my test account, the Manager property wasn’t set, and neither was the secondary site collection owner/administrator. If either of those properties had been in place, the library would have been available to those people. Since those attributes weren’t set, it required taking ownership manually as a SharePoint admin, at which point I could access the library.
Bottom line: the user’s OneDrive library deletion cycle starts when the account is deleted, not when it is disabled. This is a fairly large distinction, as I’ve seen many environments where user accounts are disabled, and sometimes left in that state for years without clearing them out. However, you need to be careful with this practice – if you disable the user account and move it into a Disabled Users OU (for instance) that is excluded in the Azure AD Sync, this WILL delete the user account in Azure AD and trigger the start of the deletion process.
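The rules above can be turned into an offboarding check. The following is an added example, not part of the original post and not Microsoft tooling: it takes account records (a hypothetical `Account` structure, as might be built from a directory export) and reports whether the deletion clock has started, who would be notified, and the 23/30/60-day milestones. The field names and sample accounts are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Account:                             # hypothetical record, e.g. one row of a directory export
    upn: str
    state: str                             # "active", "disabled" or "deleted" in on-premises AD
    in_sync_scope: bool = True             # False when the account's OU is excluded from Azure AD Sync
    manager: Optional[str] = None
    secondary_owner: Optional[str] = None  # secondary owner / secondary site collection admin
    removed_on: Optional[date] = None      # day the account was deleted or left sync scope

def onedrive_status(acct: Account) -> dict:
    """Apply the retention rules described in the post to one account."""
    # A disabled account moved out of sync scope is deleted in Azure AD,
    # so it starts the clock exactly like an explicit deletion.
    clock_started = acct.state == "deleted" or not acct.in_sync_scope
    recipient = acct.manager or acct.secondary_owner   # manager first, then secondary
    status = {"upn": acct.upn, "clock_started": clock_started,
              "notify": recipient, "warnings": []}
    if not clock_started:
        if acct.state == "disabled" and recipient is None:
            status["warnings"].append("blocked; an admin must take ownership to reach the library")
        return status
    if acct.removed_on is None:
        raise ValueError(f"{acct.upn}: removal date required once the clock has started")
    status["final_notice"] = acct.removed_on + timedelta(days=23)
    status["to_recycle_bin"] = acct.removed_on + timedelta(days=30)
    status["purged"] = acct.removed_on + timedelta(days=60)
    if recipient is None:
        status["warnings"].append("no manager or secondary owner: no notification e-mails")
    if acct.state != "deleted":
        status["warnings"].append("excluded from sync: treated as deleted in Azure AD")
    return status

# Constructed sample accounts (not real users).
SAMPLE = [
    Account("alice@example.com", "deleted", manager="boss@example.com", removed_on=date(2024, 3, 1)),
    Account("bob@example.com", "disabled"),
    Account("carol@example.com", "disabled", in_sync_scope=False, removed_on=date(2024, 3, 1)),
]

if __name__ == "__main__":
    for account in SAMPLE:
        print(onedrive_status(account))
```

The third sample account is the case to watch for: it was only disabled, but because it sits outside sync scope its library is on the same 60-day path as a deleted account, with nobody receiving the notifications.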