Steps to remove/deactivate/remote wipe a user leaving my organization?


let’s say a user is leaving my organization.

I’m unsure in which order I have to take the following steps so that they work as intended. The documentation (and threads on the forums) have little or conflicting information about the remote wipe feature. I’m using Nextcloud 19.0.1 on my own VPS.


  • I have shared folders with the person (folder owner: me)
  • User is using Android and Windows clients


  • Deactivate or remove account
  • Make sure that the data is removed from the user’s client devices

Can I deactivate the account first before triggering a wipe? Or do I unshare the folder first, and hope that data gets deleted that way? I also want to make sure they cannot login after to re-download the shares via web or on another device, etc.

I know these steps are not bulletproof, there are ways to recover data, if the user has their own backups, etc. etc. I just want to inquire about the ways which are possible with Nextcloud.


I think you must work together with the leaving people. If your leaving people want keep the data he/she has already copy/stolen the data and has moved it to a third place. This is possible from client and from server.

Personally i think the best way is first wipe the clients and then delete the data/user on the server. Is it at all possible in reverse? But pehpaps i am wrong.

1 Like

Hi chrki,

This is how I would do it as an admin:

  1. Disable/Deactivate the user, so the user cannot login with any device anymore
  2. Depending on your company policy, check for files in the user account and transfer ownership to another user (i.e. admin or a user purposely created for these scenarios)
  3. Wipe all devices to ensure that all data is gone from the user’s device

After that, you can delete the user account.

Edit: These steps could differ, depending on what user source you are using!

If you are using an external source such as LDAP / AD / etc. you could just disable the user in that source, which prevents that user from logging in into your infrastructure.