Thursday, February 3, 2011

Protect Organizational Units from Deletion

While this is a real simple script it could save you from a lot of problems later. Have you (or any of your users) accidently right-clicked on a folder and moved it somewhere and you just can’t find it afterwards? Image that happing to your AD because an administrator made a mistake moving the mouse. Even worse when you did it yourself and you notice half a second too late.

In Windows 2008 R2 it defaults to being protected, however if the OU needed to be moved or was upgraded the flag may not be set.

This simply searches all your OU in Active Directory and if the ‘ProtectedFromAccidentalDeletion’ flag is not set to TRUE it sets it, it doesn’t matter how deeply buried.

Import-Module ActiveDirectory

$OU = Get-ADOrganizationalUnit -Filter {Name -like "*"} -property ProtectedFromAccidentalDeletion | Where-Object {$_.ProtectedFromAccidentalDeletion -eq $False} 

foreach ($UNIT in $OU) {

Set-ADOrganizationalUnit $UNIT -ProtectedFromAccidentalDeletion $true 


Hope this saves at least one person a late evening of stress and heartache!

No comments:

Post a Comment