“Two lines that can save your AD from a crisis”. Not a bad thing to do as it will prevent you or another admin to accidentally delete users or computer objects.
# Set the "ProtectedFromAccidentalDeletion" attribute to "true" on all users,
# computers and groups in your domain where the attribute is set to "false"
Get-ADObject -filter {ObjectClass -eq "user" -or objectclass -eq "group"} -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADObject -ProtectedFromAccidentalDeletion:$true
If you try to delete a user og computer object, you will get an error stating the object is protected from accidental deletion. You will have to untick the “Protect object from accidental deletion”:
What if you’d like to move the user object to a different OU? Same error as above. You must set the attribute to ‘false’.
If you have hundreds of objects in an OU you’d like to move, it’s easier to use Powershell to revert the attribute of all objects in the spesific OU:
Get-ADObject -SearchBase 'OU=OU1,dc=domain,dc=com' -filter {ObjectClass -eq "user" -or objectclass -eq "group"} -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $true} | Set-ADObject -ProtectedFromAccidentalDeletion:$false
No comments:
Post a Comment