Prevent Accidental Object Deletion in Active Directory

by Chris Sanders [Published on 19 Jan. 2011 / Last Updated on 30 Nov. 2009]

If you work with Active Directory long enough, chances are that you will accidentally delete something you shouldn’t. Windows Server 2008 puts a new feature in place to prevent this from happening.

There are some things in life that if you live long enough you will eventually see. This applies to administering Active Directory as well. If you do it long enough, eventually you will see yourself accidentally delete something you shouldn’t. Whether its just a user or a whole organizational unit (woops!) , its never good news.

Luckily, Microsoft probably had a few people make this same mistake and implemented a feature to easily protect against it. If you view the properties of an object in the Active Directory Users and Computers console and go to the Object tab, you will find the option to Protect Object from Accidental Deletion. If you select this, you won’t be able to delete the object on a whim.

If you have people on staff who tend to be a little trigger happy then enabling this for all objects in your AD infrastructure may not be the worst idea.

See Also

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

Featured Links