Windows Server 2012 DC Best Practice Analyzer – Protected OU’s

I’m at a customer site this week doing various best practice scans, troubleshooting, etc. and one of the tasks today was a full AD scan (security, best practice, etc.). Easily enough, this particular client only had 2 items in Best Practice Analyzer that needed fixed. In this post, we’ll focus on one. How to protect all OU’s from Accidental Deletion.

Here’s a quick PowerShell to determine what OU’s are not currently protected from accidental deletion:

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

Now that you know what OU’s need work, we can pass that into a set command to go ahead and get those OU’s protected.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Lastly, we can verify that all of our OU’s are now protected. The column ProtectFromAccidentalDeletion should now say True.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion} | ft

Leave a Reply

Your email address will not be published. Required fields are marked *