I would check few things since you said the Manage Access is failing in the first place. Please check whether your Workflow owner has required permission to run the getAccess action, you can compare your sandbox Workflow owner’s user level with Prod.
On the delete Account operation, if it all deletes the account in sandbox then compare the AD accounts what you have in SB which is deleting successfully against your Prod AD accounts, and you may get to know @Carlatto statement could be true and unfortunately SailPoint AD connector couldn’t delete the AD account with child-object though the service account have the permission. You may need to use PS scripts to delete it Error when removing AD accounts wth child objects - 6003 (CANT_ON_NON_LEAF) - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community
You can download the failed Workflow execution log, and it will show you the detailed error message and see what makes it fail.
On your other question for the other options to delete the AD accounts,
- Use the feature New Capability: Delete Accounts on Termination via Lifecycle Management - Announcements / Product News - SailPoint Developer Community which do a true deletion in the target source
- Cloud Rule: You can either use Before Provisioning Rule or Service Standard Before Provisioning rule which obviously comes with a disclaimer to get an approval for Prod usage.
I would prefer to use the SailPoint Delete account feature in UI.