IT Stuff I Learned Today: All OUs in this Domain Should be Protected from Accidental Deletion

I run the best practices analyzer on my domain controllers on the first of the month, every month.

Today I got this result: All OUs in this Domain Should be Protected from Accidental Deletion

So this begets the question: How do I find out which OUs are not protected?

Answer: Of course, make sure you are running this command after doing an import-module activedirectory, from a computer that has the Active Directory Powershell module installed.

The command is:
Get-ADOrganizationalUnit -filter * -Properties * | where {$_.ProtectedFromAccidentalDeletion -eq $False} | select DistinguishedName

There may be a good reason for them not to be protected, but if you want to go ahead and set protection on each OU, you can run this command:
Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

IT Stuff I Learned Today

Thursday, October 1, 2015

All OUs in this Domain Should be Protected from Accidental Deletion

No comments:

Post a Comment