Organizational units (OUs) in an Active Directory Domain Services (AD DS) managed domain to let you logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific OUs, and apply group policy to enforce targeted configuration settings. In this article, I will show you how to Delete or Rename and Create a Protected Organisation Unit in AD. Please see these related guides: How to add or delete users and set permissions in Azure Active Directory, how to detect who disabled a user in Active Directory – Best Monitoring Tools and Software, how to create Organisation Units, Service Accounts, and Active Directory Security Groups, and Create and find Organisation Unit paths in AD.
Note: If your Organisation Units (OU) in your Active Directory domains are not protected from accidental deletion. Your AD can experience disruptions that might be caused by the accidental bulk deletion of objects by inexperienced admins or hackers.
Fix do not have sufficient privileges to delete OU. This object is protected from accidental deletion
When you try to delete an Organisation Unit (OU) in Active Directory Users and Computers (ADUC). You may run into the following error that you don’t have sufficient privileges to delete Domain Windows Computers. Or the object is protected from accidental deletion.
To find our way around this issue, Please launch this from the Tools menu under Server Manager. Locate the Organisation Unit you wish to delete. As you can see, this OU is protected from accidental deletion and as such the error below will be prompted when an OU deletion is interested. Please see how to add or delete users and set permissions in Azure Active Directory.
Delete an Organisation Unit
Right-click on the Organisation Unit (OU) and select Properties. Please see LDAP: What is Lightweight Directory Access Protocol.
Click on the Object Tab on the Computer Object Properties. In my case, it is TechPCs Properties.
Note: If you do not have this option to untick, ensure the View > Advanced Features in Active Directory Users and Computers is ticked. Here is a similar article on this topic: How to delete Organizational Unit in Active Directory.
Uncheck the button close to Protect object from accidental deletion, and click on Ok.
Please see How to move a computer object from one container (OU) to another, How to Check and Reset Network Data Usage in Windows 11, and what are the various ways to restart an AWS EC2 instance.
Now, proceed with the deletion of the computer object once more. Select the Organisation Unit (OU) you want to delete and click on delete.
On the confirmation window, click on Yes to delete the Organisation Unit (OU).
The Organisation Unit (OU) has been deleted.
You can also achieve this via PowerShell where the
Get-ADOrganizationlUnit, identifies the specific OU. The
Set-ADObject removes the flag for ‘Protect object from accidental deletion.’ Lastly,
Remove-ADOrganizationalUnit deletes the OU and suppresses any confirmation prompts. Incidentally, the ‘-PassThru‘ switch tells the final cmdlet to reference the object already specified (our OU).
Get-ADOrganizationalUnit -identity "OU=TechPCs ,DC=Techdirectarchive,DC=local" | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Remove-ADOrganizationalUnit -Confirm:$false
Create a Protected OU in AD
Open Active Directory Users and Computers. Select the OU where you wish to create a nest OU. Right-click on the OU and select New and then Organisation Unit as shown below.
In the New Object window, please enter the Name and by default, the protected container from accidental deletion is selected. if you wish to create an OU you do not care if deleted accidentally, then you can uncheck the button ” Protectconatiner from accidental deletion”.
As you can see below, the OU has been created.
Rename an Organisation Unit in AD
The process to rename a protected OU in Active Directory is simple. Here are the steps you need to follow. Open Active Directory Users and Computers, right-click on the OU you wish to rename and click on rename.
The OU will be highlighted thereby proving you the form to rename it and click on Enter
We have renamed the OU.
I hope you found this blog post helpful on how to delete or Rename and Create a Protected Organisation Unit in AD. Please let me know in the comment section if you have any questions.