Monday, February 13, 2012

Active Directory: How to Protect All Organizational Units from Accidental Deletion Using PowerShell?

Sponsored Links

Windows Server 2008 Active Directory comprises of lot many new features and functionalists. You can protect Active Directory OUs from accidental deletion. This can be done at the time of creation of OU. This option will be active by default.

But if you want to protect the OU from accidental deletion later time, use Active Directory Administrative Center and locate your OU.  Take the properties of the particular OU  from the right pane and check the option as seen in the below picture:


But if you have a bunch of OU that need to be protected, it can be done using this PowerShell script. 

Firstly, Open Active Directory Module for Windows PowerShell.

And run the below script to view list of OU that are not protected from accidental deletion.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

The script will generate a list similar to what you see in below screenshot:


Once you have detemined the number OU to be protected, run the below script. This will protect all the OU in the domain from accidental deletion.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Now, use below script to check the status of the OUs:

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion} | ft

And see the output in the screenshot below:


As you see in the above screenshot, status will be ‘True’, that means all the OU are protected from accidental deletion.

blog comments powered by Disqus
Related Posts Plugin for WordPress, Blogger...