September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
5.5. Deleting an OU
Problem
You want to delete an OU and all objects in it.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on “Active Directory Users and Computers” in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, browse to the OU you want to delete, right-click on it, and select Delete.
Click Yes.
If the OU contains child objects, you will be asked for confirmation again before deleting it. Click Yes.
Using a command-line interface
To delete an OU and all objects contained within, use the
-subtree option with the dsrm
command. If you don’t use
-subtree and the object you are trying to delete
has child objects, the deletion will fail.
> dsrm "<OrgUnitDN>" -subtreeUsing VBScript
' This code deletes an OU and all child objects of the OU
set objOU = GetObject("LDAP://<OrgUnitDN>")
objOU.DeleteObject(0)Discussion
Deleting OUs that do not contain objects is just like deleting any other type of object. Deleting an OU that contains objects requires a special type of delete operation. The “Tree Delete” LDAP control (OID: 1.2.840.113556.1.4.805) must be used by the application or script to inform AD to delete everything contained in the OU. All three solutions in this case use the control “under the covers,” but if you were going to perform the operation via an LDAP, such as LDP, you would need to enable the control first.
See Also
Recipe 4.3 for using LDAP ...