I’m at a customer site this week doing various best practice scans, troubleshooting, etc. and one of the tasks today was a full AD scan (security, best practice, etc.). Easily enough, this particular client only had 2 items in Best Practice Analyzer that needed fixed. In this post, we’ll focus on one. How to protect all OU’s from Accidental Deletion.
Here’s a quick PowerShell to determine what OU’s are not currently protected from accidental deletion:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft
Now that you know what OU’s need work, we can pass that into a set command to go ahead and get those OU’s protected.
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
Lastly, we can verify that all of our OU’s are now protected. The column ProtectFromAccidentalDeletion should now say True.
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion} | ft