Windows Server has a feature called PROTECT CONTAINER FROM ACCIDENTAL DELETION that blocks even Domain and Enterprise Administrators from deleting Organizational Units, Computers, Printers and other AD objects.
Speaking from personal experience in early 2000’s, I can tell you that this is a really nice feature because you can really screw up your Active Directory by deleting an entire OU by accident.
You can configure Accidental Deletion restrictions, when you create a new Organizational Unit simply by clicking the PROTECT CONTAINER FROM ACCIDENTAL DELETION.
The problem is after an AD object is created, it is not so obvious how to remove Accidental Deletion restrictions. Even if you are a Domain or Enterprise admin, you will see “You do not have sufficient privileges to delete or this object is protected from accidental deletion”.
You simply need to enable ADVANCED OPTIONS in Active Directory Users and Computers:
This website uses cookies.
View Comments