Permanently Deleting AD Objects

by Nov 2, 2020

Many Active Directory objects are protected from deletion. When you try to delete them, you get an error, preventing you from accidentally removing user accounts that can’t be restored.

This of course prevents you from legit deletion or even moving objects to a new OU.

To find out whether an AD object is protected from accidental deletion, use this:

Get-ADObject DN of object -Properties ProtectedFromAccidentalDeletion 

To turn off the protection, i.e. when you plan to move or delete an object, set the attribute to $false:

Set-ADObject DN of object -ProtectedFromAccidentalDeletion $false


Twitter This Tip! ReTweet this Tip!