Protect organizational units from deletion in Windows Server 2008

If you accidentally delete an organizational unit (OU) in Active Directory, there's no need to panic. This Windows Server 2008 tip describes a new feature that makes the deletion of the protected OUs a very deliberate action.

I bet most net admins have accidentally deleted something in Active Directory. Whether the cause is a wild mouse click, a fat finger on the keyboard, a distraction, or a simple error, the result is inconvenient, because Active Directory has no Recycle Bin.

Windows Server 2008 provides a new feature for organizational units (OUs) that makes it more difficult to delete a unit. The new feature is applied to new OUs when they are created, and it makes the deletion of the protected OUs a very deliberate action.

When you create a new OU, it is protected by default, as shown in Figure A.

Figure A

This does not mean that the OU is permanent; it simply means that you must first enable Advanced Features in the Active Directory Users And Computers console, open the OU's Properties, and unprotect the OU on the Object tab. Once the object is unprotected, it can be deleted normally.

Using the Protect option for all non-development OUs is a good practice, because it saves you from a drill on the Active Directory authoritative restore procedure in the event of a true accidental deletion. A protected OU can, however, still be moved and renamed.
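
One way to audit for OUs that lack this protection and turn it on, as an added example that is not from the original article. It assumes the ActiveDirectory PowerShell module is available (it shipped with Windows Server 2008 R2, not the original 2008 release) and a hypothetical naming convention in which development OUs have names beginning with "Dev".

```powershell
# Added example: audit and remediate OU deletion protection.
# Assumption: the ActiveDirectory module is installed and a domain controller
# that supports it is reachable.
Import-Module ActiveDirectory

# Hypothetical convention: development OUs have an "OU=Dev..." component
# somewhere in their distinguished name and are left out of the audit.
$DevOuPattern = 'OU=Dev'

function Get-UnprotectedOU {
    param(
        [string]$SearchBase,                 # optional: limit the audit to one subtree
        [string]$Exclude = $DevOuPattern     # regex matched against the distinguished name
    )

    # ProtectedFromAccidentalDeletion is not returned by default, so request it.
    $query = @{ Filter = '*'; Properties = 'ProtectedFromAccidentalDeletion' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADOrganizationalUnit @query |
        Where-Object {
            -not $_.ProtectedFromAccidentalDeletion -and
            $_.DistinguishedName -notmatch $Exclude
        }
}

# 1. Report: every non-development OU that can currently be deleted with one click.
$unprotected = @(Get-UnprotectedOU)
$unprotected |
    Sort-Object DistinguishedName |
    Select-Object Name, DistinguishedName |
    Format-Table -AutoSize

# 2. Remediate: dry run first. Remove -WhatIf once the list has been reviewed.
$unprotected |
    Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true -WhatIf
```

Run it on a schedule and alert on a non-empty report to catch OUs that were created by scripts or older tools without the protection flag.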

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

3 comments
mailforabhishek

It is a great feature of Windows Server 2008, and thanks for sending it to me.

network admin

That was very informative. I've only been a Network Admin for a few months. I dbl, even trp, check before hitting the ok or yes button! This feature will drop my paranoia down a notch!

halonsx

I have seen many admins who are very quick with the mouse, which scares me sometimes. It is only a matter of time before an unwanted mouse click occurs.