I recently had to run the BPA (Best Practices Analyzer) for the AD Directory Services – and to be honest that was for the first time…:) As a result I received the following message: „All OU's in this domain should be protected from accidental deletion".
And as we all want to follow the best practices I decided that something needs to be improved... :) I estimated manual clicking time on the containers for 2 or 3 hours so the PowerShell came with help.
A little reading on the TechNet sites and a few commands saved a lot of time.
Here's what to do:
- Launch PowerShell and then type:
- Get-Module ActiveDirectory
- Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
And that's all… :) Now you are protected… :)
Following best practices is easy, isn't it...??
Following best practices is easy, isn't it...??
