15.14. Deleting an Object

Problem

You want to delete an object or container from Active Directory.

Solution

Using a graphical user interface

  1. Open ADSI Edit.

  2. If an entry for the naming context you want to browse is not already displayed, do the following:

    1. Right-click on ADSI Edit in the right pane and click Connect to....

    2. Fill in the information for the naming context, container, or OU where the object you want to delete is contained. Click on the Advanced button if you need to enter alternate credentials.

  3. In the left pane, browse to the object you want to delete.

  4. Right-click on the object and select Delete.

  5. Click Yes to confirm.

Using a command-line interface

Use the following command to delete a single object:

> dsrm "<ObjectDN>"

Use the following command to delete a container and its child objects:

> dsrm "<ObjectDN>" -subtree

Using VBScript

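' DN of the object or container to delete
strObjectDN = "<ObjectDN>"
set objUser = GetObject("LDAP://" & strObjectDN)
' IADsDeleteOps::DeleteObject removes the object and any child objects; the flags argument is reserved and must be 0
objUser.DeleteObject(0)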

Discussion

From the administrator's side, there is not much difference between deleting a leaf node and deleting a container that has child objects. The distinction is in what happens in the background.

Deleting an object that has no children can be done with a simple LDAP delete operation. On the other hand, to delete a container and its children, the tree delete LDAP control has to be used. If you were to do the deletion from an LDAP-based tool like LDP, you would first need to enable the Subtree Delete control, which has an OID of 1.2.840.113556.1.4.805. LDP provides ...
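The difference described above is visible on the wire: a subtree delete is the same LDAP delete request with one control attached. The following is an added example, not code from the book; it BER-encodes both requests per RFC 4511 and reads the control OIDs back out of an encoded message, which is also how a tree delete can be recognized in captured LDAP traffic. The function names, the sample DN and the choice to mark the control critical are assumptions made for the illustration.

```python
TREE_DELETE_OID = "1.2.840.113556.1.4.805"  # Subtree Delete control OID from the text

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with definite short- or long-form length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def del_request(message_id: int, dn: str, subtree: bool = False) -> bytes:
    """Encode an LDAPMessage carrying a DelRequest (RFC 4511, section 4.8)."""
    mid = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    body = tlv(0x02, mid)                  # messageID INTEGER
    body += tlv(0x4A, dn.encode("utf-8"))  # DelRequest ::= [APPLICATION 10] LDAPDN
    if subtree:
        control = tlv(0x04, TREE_DELETE_OID.encode("ascii"))  # controlType
        control += tlv(0x01, b"\xff")      # criticality TRUE (assumption)
        body += tlv(0xA0, tlv(0x30, control))  # controls [0]: one Control SEQUENCE
    return tlv(0x30, body)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                           # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def control_oids(message: bytes) -> list:
    """List the control OIDs attached to an encoded LDAPMessage."""
    _, body, _ = read_tlv(message, 0)
    oids, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0xA0:                    # controls element present
            cpos = 0
            while cpos < len(value):
                _, ctrl, cpos = read_tlv(value, cpos)
                oids.append(read_tlv(ctrl, 0)[1].decode("ascii"))
    return oids

if __name__ == "__main__":
    sample_dn = "ou=Retired,dc=example,dc=com"   # constructed sample DN
    for subtree in (False, True):
        msg = del_request(1, sample_dn, subtree)
        print(subtree, msg.hex(), control_oids(msg))
```

The leaf delete and the subtree delete share identical messageID and DelRequest bytes; only the trailing controls element differs.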
