Windows 2008 Active Directory, deleting OUs
Today I found some new default permissions on Windows 2008 Active Directory Organizational Units (OU). I had created an OU in my nice new Windows 2008 Active Directory to provision servers into. Now that I have created my OU structure I tried to delete my redundant OU and received the error message.
You do not have sufficient privileges to delete MyOUName, or this object is protected from accidental deletion.
So I immediately switched on Advanced Features in Active Directory Users and Computers so that I can access the Security tab of the OU. When I clicked Advanced there was one explicit Deny permission set for Everyone with Special permissions. These Special permissions were Deny Delete and Deny Delete Subtree. Of course by un-checking these options I could delete the OU.
Posted by Brian Gibson
http://brianagibson.blogspot.com/2008/07/windows-2008-active-directory-deleting.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment