Question about Employee Terminations and shared documents in OD4B

Question

We have an employee who was terminated back in December.

He had a file in his OD4B account that was shared with multiple users.

The user's claim they have been able to access that shared document up until around July, but are now no longer able to see or access it (as if it has finally been deleted).

It would be my expecation that if he was terminated December 15, then no later than January 15, those documents would no longer be accessible by other users.

Can anyone shed any insight on this situation?

adrian hyde · Answer

You mention that you disabled the account in December. The OneDrive cleanup job does not process disabled accounts, only deleted accounts. And - that is only if the account is deleted in AzureAD (in case you had some kind of sync issue not processing the delete).
Also - check what your tenant is set to for -OrphanedPersonalSitesRetentionPeriod (part of the Set-SPOTenant parameters) - the default is 30 days but it can go up to a whole year.
So OK...that's how it should work, but we also have a lot of examples where the OneDrive cleanup process doesn't work and we end up with a bunch of orphaned OneDrives - maybe that is what happened here as well. Or maybe it was just a case where an admin finally deleted the disabled account and kicked-off the deletion process a lot later than expected.

deleted · Answer

I just learned that Microsoft released a setting a few months ago, where we can configure how long after a user account is deleted before their OneDrive site is deleted.&nbsp;Check out this KB article:&nbsp;https://support.microsoft.com/en-us/kb/3042522&nbsp;In particular, the option is the&nbsp;-OrphanedPersonalSitesRetentionPeriod&nbsp;parameter for the Set-SPOTenant&nbsp;command.&nbsp;Here's a blog post explaining further:&nbsp;https://jinkang.us/2016/08/11/onedrive-for-business-configurable-retention-period-for-orphaned-onedrives/&nbsp;This is actually great news. &nbsp;We're going to set our OneDrive retention policy to match our personal file shares on premise.

paul stork · Answer

I've also seen cases where the creation and deletion of OneDrive sites has gotten "stuck" in the queue until someone noticed or a support call was opened. once someone on the Microsoft Operations team takes a look at the particular tenant the queue becomes "un-stuck" and OneDrives are created and deleted normally. As Adrian says I suspect that is what happened in your case. Someone finally hit the reset button in July and the site finally got deleted.

vasilmichev · Answer

Being terminated doesn't imply immediate disable/deletion of the underlying account, have you checked when exactly that happened? The Audit logs might be of some help. Also the notification email that the manager should have received for the pending deletion of ODFB site.

brent ellis · Answer

The account was disabled in Active Directory on December 1 of 2015, not sure where else to check online to confirm whether or not everything terminated correctly, but don't have a reason to suspect it didnt.

We have an Exchange Transport Rule that cc's me whenever those OneDrive emails go out. For some unknown reason, the manager, nor I ever even received a termination email regarding OD4B for that particular user.

I questioned if maybe the manager field was blank for some reason near that date, but no one seems to think so.

They swear they could access the document very recently (and now I've got to come up with answers where there don't appear to be any). And of course it was a critical document, bleh...

Why is was in a user's OD4B is another matter......

Forum Discussion

Question about Employee Terminations and shared documents in OD4B

8 Replies

Resources