Sometimes during our tenant to tenant migrations we come across this issue for OneDrive migrations in the target tenant on day one of user logging into their OneDrive.

It is not a common issue, but also it does not fall into the very rare category either.  At a recent migration of circa 10k users we probably saw 60+ cases of this.

Where we see it happen is often where the UPN of the user has changed from when the ODfB Personal Site was created and for whatever reason something in the Microsoft back-end service has not processed the change correctly. There is information in this technote from Microsoft about it that is the similar usecase, but not always identical.

The UserInfo list for the SharePoint and OneDrive sites associated with the account only has the old ID. When users try to access a SharePoint or their OneDrive site by using their new account, their new ID doesn’t match the ID that’s in the UserInfo list. Therefore, they’re denied access to the site.

Fix site user ID mismatch in SharePoint or OneDrive
https://learn.microsoft.com/en-us/sharepoint/troubleshoot/sharing-and-permissions/fix-site-user-id-mismatch

On the face of it, nothing seems wrong.  The OneDrive site owner is correct and the URL for the Personal OneDrive site is correct, and yet, the end-user cannot start the Desktop OneDrive application. Even going to the browser to connect to OneDrive also fails with an access denied error.

The error seen on the Windows Device in the Desktop Application is:

You don’t have access to this service.  For help, contact your IT department (Error Code: 0x8004e4d0)

And looks like this:

And if they try via the Browser, they see this:

“user” does not have permission to access this resource.

The solution, in a nut shell is to remove the user from Owner and SiteCollectionAdmin on the OneDrive Personal Site.  This can be done via the UI in the SharePoint Admin Portal or via PowerShell.

SharePoint Admin Portal

Go to SharePoint Admin Portal\More Features\User Profiles

Open and select: Manage User Profiles

In the Find profiles box, type the user name of the failing user and hit find.  On the username select, and a small dropdown will appear.  Click this and choose “Manage site collection owners”

Remove the current user. 

and replace with another, e.g. your own Admin Account

Choose OK

Then repeat the process and add back the original User that should be Owner/Admin of their own Personal Site.

Preferred Method – PowerShell

Connect to SP Online, and run the following 4 lines similar to this:

Change Owner

Set-SPOSite https://contoso-my.sharepoint.com/personal/uncle_scrooge_charlie_t2t_dev1 -Owner admin.conrad.murray@contoso.onmicrosoft.com

Remove User

Remove-SPOUser -Site https://contoso-my.sharepoint.com/personal/uncle_scrooge_charlie_t2t_dev1 -LoginName uncle.scrooge@charlie.t2t.dev

Add SiteCollectionAdmin

Set-SPOUser -Site https://contoso-my.sharepoint.com/personal/uncle_scrooge_charlie_t2t_dev1 -LoginName uncle.scrooge@charlie.t2t.dev -IsSiteCollectionAdmin:$TRUE

Revert Owner

Set-SPOSite https://contoso-my.sharepoint.com/personal/uncle_scrooge_charlie_t2t_dev1 -Owner uncle.scrooge@charlie.t2t.dev

This should solve your issue.