I bet most net admins have accidentally deleted something in Active Directory. Whether it is a wild mouse click, a fat finger on the keyboard, a distraction, or a simple error, it is not convenient in Active Directory, as there is no Recycle Bin.
Windows Server 2008 provides a new feature for organizational units (OUs) that makes it more difficult to delete a unit. The new feature is applied to new OUs when they are created, and it makes the deletion of the protected OUs a very deliberate action.When you create a new OU, the default behavior is to have the OU protected, as shown in Figure A. Figure A
This does not mean that the OU is permanent; it simply means that when advanced features are viewed within the Active Directory Users And Computers console, you can right-click the OU's Properties and unprotect it from the Object tab. Once the object is in the unprotected mode, it can be deleted normally.
Using the Protect option for all non-development OUs would be a good practice to prevent a drill on the Active Directory authoritative restore procedure in the event of a true accidental deletion. When the OU is protected, it can, however, be moved and renamed.
Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!
Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.