DRA cannot manage the 'Protect object from accidental deletion' flag on 2008 OUs

  • 7022233
  • 27-Oct-2017
  • 27-Oct-2017

Environment

Directory & Resource Administrator 9.1.0

Situation

DRA cannot manage the 'Protect object from accidental deletion' flag on 2008 OUs
If the 'Protect object from accidental deletion' flag is set on a 2008 (or later) OU in AD, DRA has no way of deleting the OU or clearing this flag.

Resolution

DRA now has the PreventFromAccidentalDeletion attribute, which can be set on any object. This is resolved in DRA 9.1.0.

Cause

The customer was getting an "Access Denied" message when he tried to delete some OUs using DRA. The OUs contained no objects or nested OUs, and no leaf objects were visible in ADSI Edit. These OUs were created on 2008 R2 and have the "Protect object from accidental deletion" flag set. Once the flag is toggled off and an IACR has run, DRA can successfully delete the OUs. However, there is currently no way for DRA to manage this field because it is not a true attribute: when toggled, it sets an ACL on the OU, and DRA does not manage ACLs.
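
Because the flag is stored as an ACL entry rather than an attribute, its state can be confirmed by reading the OU's security descriptor. The following is an added example, not code from DRA or its vendor: it checks an SDDL string for the Deny ACE that Active Directory writes for Everyone on Delete and Delete Subtree when the box is ticked. The function name, the sample SDDL strings and the DN in the comment are constructed for illustration.

```powershell
# Added example (not DRA code). Access-mask bits the protection flag denies.
$DELETE      = 0x00010000   # standard DELETE right        (SDDL "SD")
$DELETE_TREE = 0x00000040   # ADS_RIGHT_DS_DELETE_TREE     (SDDL "DT")
$EVERYONE    = 'S-1-1-0'    # well-known Everyone SID      (SDDL "WD")

# Hypothetical helper: returns $true when the DACL denies Everyone both
# Delete and Delete Subtree, i.e. the object is protected from deletion.
function Test-DeleteProtectionAce {
    param([Parameter(Mandatory)][string]$Sddl)

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    if ($null -eq $sd.DiscretionaryAcl) { return $false }

    $required = $DELETE -bor $DELETE_TREE
    $denied   = 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Count only plain (non object-specific) Deny ACEs for Everyone.
        if ($ace -is [System.Security.AccessControl.CommonAce] -and
            $ace.AceQualifier -eq 'AccessDenied' -and
            $ace.SecurityIdentifier.Value -eq $EVERYONE) {
            $denied = $denied -bor $ace.AccessMask
        }
    }
    # The rights may be split across several ACEs, so test the combined mask.
    return (($denied -band $required) -eq $required)
}

# Constructed sample descriptors: one with the protection ACE, one without.
$samples = [ordered]@{
    'Protected OU'   = 'D:(D;;DTSD;;;WD)(A;;GA;;;SY)'
    'Unprotected OU' = 'D:(A;;GA;;;SY)'
}
foreach ($name in $samples.Keys) {
    $state = Test-DeleteProtectionAce -Sddl $samples[$name]
    '{0}: deny-delete ACE present = {1}' -f $name, $state
}

# Against a live OU (assumes the ActiveDirectory module; placeholder DN):
#   Import-Module ActiveDirectory
#   $sddl = (Get-Acl -Path 'AD:\OU=Example,DC=example,DC=com').Sddl
#   Test-DeleteProtectionAce -Sddl $sddl
```

The check does not distinguish explicit from inherited ACEs, so a Deny inherited from a parent container is reported as well; either one produces the "Access Denied" result on delete.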