Tuesday, February 9, 2010

Protect "old" OUs from accidental deletion

In Win 2K8 and newer. There is a a check-box you can set to protect an OU from accidental deletion. This is good, but if you don't use ADUC in Win 2K8 (or R2) it will not be set by default. Also if you upgraded or migrated to a Win 2K8 (or R2) it won't be set automagically on "old" objects. So here is two ways of doing it.

for /f "tokens=*" %i in ('dsquery ou -limit 0') do dsacls %i /d everyone:SDDT

or:

Get-ADOrganizationalUnit -filter * |

Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
 
(the above should be one line)
 
Thank you Ulf for posting these two one-liners!

No comments:

Post a Comment