Delete or Rename and Create a Protected Organisation Unit in AD

Posted on Christian By Christian No Comments on Delete or Rename and Create a Protected Organisation Unit in AD
Manage OU

Organizational units (OUs) in an Active Directory Domain Services (AD DS) managed domain to let you logically group objects such as user accounts, service accounts, or computer accounts. In this article, I will show you how to Delete or Rename and Create a Protected Organisation Unit in AD. Please see these related guides: How to add or delete users and set permissions in Azure Active Directory, and how to detect who disabled a user in Active Directory – Best Monitoring Tools and Software.

You can then assign administrators to specific OUs, and apply group policy to enforce targeted configuration settings. how to create Organisation Units, Service Accounts, and Active Directory Security Groups, and Create and find Organisation Unit paths in AD.

Note: If your Organisation Units (OU) in your Active Directory domains are not protected from accidental deletion. Your AD can experience disruptions that might be caused by the accidental bulk deletion of objects by inexperienced admins or hackers.

Fix do not have sufficient privileges to delete OU. This object is protected from accidental deletion

When you try to delete an Organisation Unit (OU) in Active Directory Users and Computers (ADUC). You may run into the following error that you don’t have sufficient privileges to delete Domain Windows Computers. 

Or the object is protected from accidental deletion.
Protected-OU-in-AD

To find our way around this issue, Please launch this from the Tools menu under Server Manager. Locate the Organisation Unit you wish to delete.

As you can see, this OU is protected from accidental deletion and as such the error below will be prompted when an OU deletion is interested.

Please see how to add or delete users and set permissions in Azure Active Directory, how to Fix MDT accidental OS deletion, and how to Query and display Windows information via WMI Explorer.

Delete an Organisation Unit

Right-click on the Organisation Unit (OU) and select Properties. Please see LDAP: What is Lightweight Directory Access Protocol.

OU-Properties

Click on the Object Tab on the Computer Object Properties. In my case, it is TechPCs Properties.

Note: If you do not have this option to untick, ensure the View > Advanced Features in Active Directory Users and Computers is ticked.

Here is a similar article on this topic: How to delete Organizational Unit in Active Directory, and how to Install Winget on Windows Server.

Object-Computer-Properties-1

Uncheck the button close to Protect object from accidental deletion, and click on Ok.

Please see How to move a computer object from one container (OU) to another, How to Check and Reset Network Data Usage in Windows 11, and what are the various ways to restart an AWS EC2 instance.

Please Uncheck the button close to Protect object

Now, proceed with the deletion of the computer object once more. Select the Organisation Unit (OU) you want to delete and click on delete.

Delete-OU

On the confirmation window, click on Yes to delete the Organisation Unit (OU).

Confirm-Organisation-Unit-OU-deletion-1

The Organisation Unit (OU) has been deleted.

Active Directory OU deleted

You can also achieve this via PowerShell where theGet-ADOrganizationlUnit, identifies the specific OU. The Set-ADObject removes the flag for ‘Protect object from accidental deletion.’

Lastly, Remove-ADOrganizationalUnit deletes the OU and suppresses any confirmation prompts. Incidentally, the ‘-PassThru‘ switch tells the final cmdlet to reference the object already specified (our OU).

Get-ADOrganizationalUnit -identity "OU=TechPCs ,DC=Techdirectarchive,DC=local" | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Remove-ADOrganizationalUnit -Confirm:$false

Create a Protected OU in AD

Open Active Directory Users and Computers. Select the OU where you wish to create a nest OU. Right-click on the OU and select New and then Organisation Unit as shown below.

Steps-to-create-an-OU-in-Active-Directory

In the New Object window, please enter the Name and by default, the protected container from accidental deletion is selected.

If you wish to create an OU you do not care if deleted accidentally, then you can uncheck the button ” Protectconatiner from accidental deletion”.

New-Object-OU-created

As you can see below, the OU has been created.

Here-is-the-newly-created-OU

Rename an Organisation Unit in AD

The process to rename a protected OU in Active Directory is simple. Here are the steps you need to follow. Open Active Directory Users and Computers, right-click on the OU you wish to rename and click on rename.

OU-Rename

The OU will be highlighted thereby proving you the form to rename it and click on Enter

Enter-the-NEw-oU-name
New-OU-name

We have renamed the OU.

done-renaming-the-OU

I hope you found this blog post helpful on how to delete or Rename and Create a Protected Organisation Unit in AD. Please let me know in the comment section if you have any questions.

5/5 - (1 vote)
Windows Server Tags:, , ,

Related Posts

More Related Articles

Distributed File System DFS All About Distributed File System Windows
How to Check what files are taking up space WinDirStat: Check what files are taking up space on Windows Windows
Install and report or install or shutdown with BitLocker BitLocker Windows Update Shutdown or Reboot option behavior Windows
WinPE How to uninstall and upgrade ADK, WinPE, and MDT Windows Server
How to Disable device encryption How to Disable device encryption on Windows Windows
Determine GPO from GUID or Name How to determine GPO from GUID or Name Windows

Leave a Reply