Delete a tree of protected objects in Active Directory

  • September 22, 2017
  • November 25, 2018

To delete an entire tree structure with objects (typically Organizational Units) with the flag “ProtectedFromAccidentialDeletion” we first need to remove the flag. We can then select the top node and delete the entire tree.

Needless to say, you should probably use this with caution. If you don’t want to remove the protection from every OU in the specified SearchBase you need to split up and run the command multiple times with different values for the SearchBase-argument

Get-ADOrganizationalUnit -Filter * -SearchBase "ou=DeleteTheseUsers,ou=Users,dc=contoso,dc=com" | Set-ADObject -ProtectedFromAccidentalDeletion $false