Environment
Directory & Resource Administrator 9.1.0
Situation
DRA cannot manage the 'Protect object from accidental deletion' flag on 2008 OUs.
If the 'Protect object from accidental deletion' flag is set on a 2008 (or later) OU in AD, DRA has no way of deleting the OU or untoggling this flag.
Resolution
DRA now has the PreventFromAccidentalDeletion attribute that can be set on any object. This is resolved in DRA 9.1.0.
Cause
The customer was getting an "Access Denied" message when he tried to delete some OUs using DRA. The OUs contained no objects or nested OUs, and no leaf objects could be seen using ADSI Edit. These OUs were created on 2008 R2 and have the "Protect object from accidental deletion" flag set. When this flag is toggled off, and after an IACR, DRA can successfully delete the OUs. However, there is currently no way for DRA to manage this field because it is not a true attribute. When toggled, it sets an ACL on the OU. DRA does not manage ACLs.
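The ACL behaviour described above can be confirmed outside DRA by reading the OU's security descriptor. The following is an added example, not DRA or vendor code. It assumes standard Active Directory behaviour, which the article does not spell out: the checkbox writes an explicit Deny ACE for Everyone (S-1-1-0) covering Delete and DeleteTree. The function name, SDDL strings and DN are constructed for illustration.

```powershell
# Added example (not DRA code): detect the deny ACE that the
# "Protect object from accidental deletion" checkbox writes on an object.
Add-Type -AssemblyName System.DirectoryServices

function Test-AccidentalDeletionAce {
    param([Parameter(Mandatory)][string]$Sddl)

    # Parse the SDDL with the AD-aware security class so that rights decode
    # as ActiveDirectoryRights (Delete, DeleteTree, ...).
    $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorSddlForm($Sddl)

    # Assumption: the flag is a Deny ACE for Everyone on Delete + DeleteTree.
    $needed = [int]([System.DirectoryServices.ActiveDirectoryRights]::Delete -bor
                    [System.DirectoryServices.ActiveDirectoryRights]::DeleteTree)

    # Explicit ACEs only; an inherited deny is not what the checkbox sets.
    $rules = $sd.GetAccessRules($true, $false,
                 [System.Security.Principal.SecurityIdentifier])

    # Accumulate the rights explicitly denied to Everyone across all ACEs.
    $denied = 0
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -eq 'Deny' -and
            $ace.IdentityReference.Value -eq 'S-1-1-0') {
            $denied = $denied -bor [int]$ace.ActiveDirectoryRights
        }
    }
    return (($denied -band $needed) -eq $needed)
}

# Constructed sample descriptors (not taken from any real directory).
$protectedOu   = 'O:BAG:BAD:(D;;DTSD;;;WD)(A;;RPLCLORC;;;AU)'
$unprotectedOu = 'O:BAG:BAD:(A;;RPLCLORC;;;AU)'

Test-AccidentalDeletionAce -Sddl $protectedOu
Test-AccidentalDeletionAce -Sddl $unprotectedOu

# Against a live OU (needs the ActiveDirectory module for the AD: drive;
# the DN below is a placeholder):
# Import-Module ActiveDirectory
# Test-AccidentalDeletionAce -Sddl (Get-Acl 'AD:\OU=Example,DC=example,DC=com').Sddl
```

An OU that still returns "Access Denied" on delete after this check reports false is being blocked by something other than this flag, such as an inherited deny or a missing delegation.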