SOLVED: Active Directory Object Contains Other Objects. Use Delete Subtree?

Published by Ian Matthews on

If you are trying to delete a user or compute from Active Directory you might be presented with the following popup message:

Confirm Subtree Deletion

Object {User or Computer Name} you sure you want to delete object {User or Computer Name} and all of the objects it contains?

If you cancel the running deletion, the objects deleted thus far will not be recovered.

WARNING: if you select Use Delete Subtree server control check box, all objects within the subtree, including all delete-protected objects, will be deleted, and the deletion cannot be canceled.

Use Delete Subtree server control

All this is telling you is that there is something else in Active Directory tied to the is object.

Usually we at Up & Running, see this alert when we are deleting an old server that still contains printers it is sharing. In that case we just click YES use DELETE SUBTREE SERVER CONTROL.

However, we are concerned when we don’t understand what other objects are hooked. In the case shown in the screenshot below, we found a user account popped up with the USE DELETE SUBTREE option and we had no idea why.

How To Determine What Objects are Contained in Other Objects

There are a few convoluted ways to figure out what objects are contained by the object you are deleting and there are usually two easy ways.

The first way is to click VIEW, ADVANCED SETTINGS in your ADUC and then find your computer or user and note what is under it. However, that did not work for our stuck user, so we went straight to ADSI EDIT.

BE CAREFUL. ADSI Edit is an unrestricted Active Directory Database editor so you can screw up your whole environment if you start goofing in here.

As you can see in the screenshot:

  1. Launch ADSI EDIT
  2. Right click on ADSI EDIT, select CONNECT (not shown in the screenshot), and then OK to connect to the DEFAULT NAMING CONTEXT
  3. Double click your way through your Active Directory OU and Folder structure to the object in question
    • in our case, that was a user named BEN
    • See what is under that user
  4. If you are confident these are not issues, you can use the USE DELETE SUBTREE SERVER CONTROL from the popup or you can delete each of the objects one by one manually
    • Be sure to delete the folder as well as the detailed objects)
    • In our case, we deleted both of his iPhone entries then then the CN=EXCHANGEACTIVESYNCDEVICES, the we went back to ADUC and delete the user without any popups

Categories: Business & Tech News

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

who and when did someone login

SOLVED: Who and When Did Someone Login?

We have one of our very long standing clients wanting to know why some things are being done on a particular server at about 5:30 AM most mornings. We looked through backup schedules, scheduled tasks, Read more…

youtube hype FAQs

SOLVED: YouTube HYPE FAQ’s: A New Mechanism for Emerging Creator Visibility

If you haven’t heard of “Hype” on YouTube you soon will. Currently it is only available for small creators in Brazil, Taiwan, and Turkey, but it will be going world-wide. If you are a YouTube Read more…

DNS and email security with DKIM and DMARC

SOLVED: A Simple Explanation of Email Security with DKIM and DMARC

A long time ago when the earth was green and everyone was good, email was sent in plain text from a senders outbox, to a their mail server, then to the recipients mail server, then Read more…