How to protect all existing Organizational Units (OUs) in your Active Directory domain from Accidental Deletion by using PowerShell

,

We recently took on a new hire, although I was confident in their ability in managing Active Directory I wanted to take an extra step in protecting Organizational units from deletion.  I was sure that I could do this quickly using PowerShell instead of right-clicking each of our 80 odd OUs and going into their properties.

To do this we need to open the Active Directory Module for Windows PowerShell as an administrator.  Since I began in my System Admin role, I was creating OUs that were protected, so I only really needed to do this to the ones that were already here.  So first we need to work out what OUs are not protected from this list using PowerShell I can easily pipe it into the command we need to issue to protect the OUs

The first command below will output a list of all OUs currently not protected.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | 
where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

This command does the above but also sets the ProtectedFromAccidtenalDeletion to True.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | 
where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit 
-ProtectedFromAccidentalDeletion $true

Once this command is issued, all the Organizational Units in our Active Directory have become protected and should help prevent you from getting into those sticky situations where someone (could be you) from deleting one by mistake.


Leave a Reply

More Posts

Applying inherit rights (inheritable) for permissions to a large number of Active Directory objects

I was recently involved in a project to help secure a School’s Active Directory environment.  After sitting down and planning what we wanted to achieve in terms of account security we went to work.  After setting up all of the IT based security groups and assigning and delegating the appropriate rights and permissions we found […]

Aruba Switches and Trancievers

Vendors tend to lock down the type of transceivers you can use on their SFP/SFP+ and QSFP ports. They do this for a number of reasons but mainly in the spirit of support and quality (which I can understand). there are a number of guidelines around agreed upon by networking vendors that fall under Multi-Source […]

Using custom OWA URLs in SharePoint to display your inbox as well as calendar and other items

This one has been sitting in my drafts folder for a while but last year I was experimenting with our SharePoint environment and thought it would be a cool idea to have a view of our web mail and calendar come up into our SharePoint homepage as web parts. Now if you are running SharePoint […]