Many Active Directory objects are protected from deletion. When you try to delete them, you get an error, preventing you from accidentally removing user accounts that can’t be restored.
This of course prevents you from legit deletion or even moving objects to a new OU.
To find out whether an AD object is protected from accidental deletion, use this:
Get-ADObject ‹DN of object› -Properties ProtectedFromAccidentalDeletion
To turn off the protection, i.e. when you plan to move or delete an object, set the attribute to $false:
Set-ADObject ‹DN of object› -ProtectedFromAccidentalDeletion $false
ReTweet this Tip!
Powered by IDERA