Windows Server has a feature called PROTECT CONTAINER FROM ACCIDENTAL DELETION that blocks even Domain and Enterprise Administrators from deleting Organizational Units, Computers, Printers and other AD objects.

Speaking from personal experience in the early 2000s, I can tell you that this is a really nice feature because you can really screw up your Active Directory by deleting an entire OU by accident.

You can configure accidental deletion restrictions when you create a new Organizational Unit, simply by clicking the PROTECT CONTAINER FROM ACCIDENTAL DELETION checkbox.


You Do Not Have Sufficient Privileges To Delete

The problem is that once an AD object has been created, it is not obvious how to remove the accidental deletion restriction. Even if you are a Domain or Enterprise admin, you will see “You do not have sufficient privileges to delete or this object is protected from accidental deletion”.


How To Remove Accidental Deletion Restrictions

You simply need to enable ADVANCED OPTIONS in Active Directory Users and Computers:

  1. In Active Directory Users and Computers, click the VIEW menu
  2. Select ADVANCED OPTIONS
  3. Double-click on the object you want to delete
  4. Click the OBJECT tab
  5. Uncheck PROTECT OBJECT FROM ACCIDENTAL DELETION
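
The same change can be scripted. This is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name Remove-ProtectedADObject and the DN are constructed for illustration. It clears the protection on one object, deletes it, restores the protection if the delete fails, and ends with a query that lists OUs where protection is switched off.

```powershell
Import-Module ActiveDirectory

# Constructed placeholder DN: replace with the object you intend to delete.
$TargetDn = 'OU=Retired,DC=example,DC=com'

function Remove-ProtectedADObject {
    # ConfirmImpact High forces a confirmation prompt; -WhatIf makes no changes.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$Identity)

    $obj = Get-ADObject -Identity $Identity `
        -Properties ProtectedFromAccidentalDeletion -ErrorAction Stop

    # Guard against the accident the feature exists to prevent:
    # refuse to touch a container that still holds child objects.
    $children = @(Get-ADObject -SearchBase $obj.DistinguishedName `
        -SearchScope OneLevel -Filter * -ErrorAction Stop)
    if ($children.Count -gt 0) {
        throw "$($obj.DistinguishedName) still contains $($children.Count) child object(s)."
    }

    if (-not $PSCmdlet.ShouldProcess($obj.DistinguishedName,
            'Clear accidental-deletion protection and delete')) { return }

    $wasProtected = [bool]$obj.ProtectedFromAccidentalDeletion
    try {
        if ($wasProtected) {
            # Scripted equivalent of unchecking the box on the OBJECT tab.
            Set-ADObject -Identity $obj -ProtectedFromAccidentalDeletion $false `
                -Confirm:$false -ErrorAction Stop
        }
        Remove-ADObject -Identity $obj -Confirm:$false -ErrorAction Stop
    }
    catch {
        # Delete failed: put the protection back so the object is not left exposed.
        if ($wasProtected) {
            Set-ADObject -Identity $obj -ProtectedFromAccidentalDeletion $true -Confirm:$false
        }
        throw
    }
}

# Dry run first: shows what would happen without changing anything.
Remove-ProtectedADObject -Identity $TargetDn -WhatIf

# Audit: OUs where the protection is currently switched off.
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object -ExpandProperty DistinguishedName
```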

