IT Stuff I Learned Today: All OUs in this Domain Should be Protected from Accidental Deletion

Thursday, October 1, 2015

All OUs in this Domain Should be Protected from Accidental Deletion

I run the best practices analyzer on my domain controllers on the first of the month, every month.

Today I got this result: All OUs in this Domain Should be Protected from Accidental Deletion

So this begets the question: How do I find out which OUs are not protected?

Answer: Of course, make sure you are running this command after doing an import-module activedirectory, from a computer that has the Active Directory Powershell module installed.

The command is:
Get-ADOrganizationalUnit -filter * -Properties * | where {$_.ProtectedFromAccidentalDeletion -eq $False} | select DistinguishedName

There may be a good reason for them not to be protected, but if you want to go ahead and set protection on each OU, you can run this command:
Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

IT Stuff I Learned Today

Click an Ad

If you find this blog helpful, please support me by clicking an ad!

Thursday, October 1, 2015

All OUs in this Domain Should be Protected from Accidental Deletion

No comments:

Post a Comment