This is my personal blog. The opinions and views I express are my own. The information I provide is on an as-is basis. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this blog and will not be liable for any errors, omissions, or delays in this information or any losses, injuries or damages arising from its use.

Protect Active Directory Organizational Units from Accidental Deletion with PowerShell

Today we’re talking a little more about Active Directory reconnaissance, for lack of a better term. If I start a new job, the first thing I want to do is find out how my infrastructure is configured. This script will search through Active Directory, or a subset of Active Directory, and look for Organizational Units that are not protected from accidental deletion.

My own best practice is to make sure everything in Active Directory is protected from accidental deletion. This script makes it easy to find the OUs that are not protected and protect them, without you having to waste a bunch of time clicking through Active Directory.

You could also remove the code below if you want to search for all object classes, not just OUs.

It’s nothing complicated, but it is useful.



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.