Categories: Windows Server

SOLVED: How to Delete a Protected OU in Active Directory

Windows Server has a feature called PROTECT CONTAINER FROM ACCIDENTAL DELETION that blocks even Domain and Enterprise Administrators from deleting Organizational Units, Computers, Printers and other AD objects.

Speaking from personal experience in early 2000’s, I can tell you that this is a really nice feature because you can really screw up your Active Directory by deleting an entire OU by accident.

You can configure Accidental Deletion restrictions, when you create a new Organizational Unit simply by clicking the PROTECT CONTAINER FROM ACCIDENTAL DELETION.

You Do Not Have Sufficient Privileges To Delete

The problem is after an AD object is created, it is not so obvious how to remove Accidental Deletion restrictions. Even if you are a Domain or Enterprise admin, you will see “You do not have sufficient privileges to delete or this object is protected from accidental deletion”.

How To Remove Accidental Deletion Restrictions

You simply need to enable ADVANCED OPTIONS in Active Directory Users and Computers:

  1. In Active Directory Users and Computers, click the VIEW menu
  2. Select ADVANCED OPTIONS
  3. Double click on the object you want to delete
  4. Click the OBJECT tab
  5. Uncheck PROTECT OBJECT FROM ACCIDENTAL DELETION

View Comments

Published by
Ian Matthews

This website uses cookies.