
close
close
As your organization’s logical layout changes, you may need to delete OUs in Active Directory (AD) from your domain controllers. In this post, we’ll show you two different ways to delete protected OUs (Organizational Units) and what minor roadblocks you may come across while doing so.
Table of Contents
There are two main situations where the deletion of an organizational unit in just one step isn’t possible.
When you try to delete an OU in Active Directory Users and Computers (ADUC), you may run into the following error message telling you that you don’t have sufficient privileges to delete Domain Windows Computers, or that the object is protected from accidental deletion. I’ll explain how to circumvent this limitation later.
The second situation that may prevent you from deleting an OU/ is when you’re trying to delete is what’s referred to as a ‘default’ OU. These are OUs that were either installed as default when Active Directory Domain Services (AD DS) was installed and configured (Computers, Users), or were modified to carry the ‘default’ attribute post-installation.
Sponsored Content
Centralize, Manage and Secure Remote Connections
Centralized remote connection technologies, remote machine data, password management and access control on a platform that is secure, scalable and refreshingly simple to use.
Learn More
You should also make sure that you’re seeing ‘all’ the objects in your directory – Click View in ADUC and make sure Advanced Features is checked.
The process to delete a protected OU in Active Directory is straightforward. Here are the steps you need to follow.
I’m always looking for ways to boost my efficiency as an IT Pro, especially with PowerShell. We previously covered how to move and delete Active Directory OUs with PowerShell on Petri, but let me show you how to use PowerShell to remove a protected OUs in one fell swoop.
For this example, we’ll be removing our protected ‘Member Computers’ OU with three PowerShell commands:
Get-ADOrganizationalUnit -identity "OU=Member Computers,DC=Reinders,DC=local" | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Remove-ADOrganizationalUnit -Confirm:$false
After the command is run and we’ve made a refresh in ADUC, the ‘Member Computers’ OU is history!
We’ve just explained a few scenarios many IT pros can run into on a daily basis when trying to remove OUs from Active Directory. We’ve described the two most prevalent reasons you may run into when trying to delete protected OUs, and we described two different methods you can use to get the job done.
Please let me know if you have any questions or comments by leaving one below. Thank you for reading!
More in Active Directory
How to Fix the "An Active Directory Domain Controller for the Domain Could Not Be Contacted" Error
Jun 20, 2022 | Michael Reinders
Learn How Organizations Are Using Semperis Purple Knight to Secure Active Directory
Jun 7, 2022 | Russell Smith
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
Cloud Conversations – Ståle Hansen on Digital Wellbeing and Viva Explorers
May 19, 2022 | Laurent Giret
Most popular on petri