{"id":462,"date":"2012-08-29T16:36:07","date_gmt":"2012-08-29T15:36:07","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/isg\/?p=462"},"modified":"2012-08-29T16:36:07","modified_gmt":"2012-08-29T15:36:07","slug":"the-importance-of-protecting-ad-objects-against-accidental-deletion","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/isg\/?p=462","title":{"rendered":"The Importance of Protecting AD Objects against accidental deletion"},"content":{"rendered":"<p>I\u2019ve recently had to go through the process of restoring a series of OU objects which is not at all fun even with the <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/dd392261(v=ws.10)\">AD Recycle Bin feature<\/a> that came along with Windows Server 2008 R2.<\/p>\n<p>It\u2019s easy to make mistakes though but most can be averted with the \u2018Protect Object from Accidental Deletion\u2019 flag. In order to toggle this value in the ADUC console select View &gt; Advanced Features.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" style=\"color: #333333;font-style: normal;line-height: 24px\" src=\"http:\/\/wit.ncl.ac.uk\/blog_files\/adele\/protection.jpg\" alt=\"\" width=\"404\" height=\"448\" \/><\/p>\n<p>Once selected the object tab is available which allows you to toggle the object.<\/p>\n<p>Any <strong><span style=\"text-decoration: underline\">OU<\/span><\/strong><span style=\"text-decoration: underline\">s<\/span> in the University Active Directory that have been created using the Server 2008\/Vista or later AD tools will have the value set by default. Other objects such as users and computers do not get the value automatically.<\/p>\n<p>If you would like to set the property on all OUs or all Objects in given OU then you can run the following commands using the <a href=\"http:\/\/www.quest.com\/powershell\/activeroles-server.aspx\">Quest AD Commandlets<\/a> with appropriate rights:<\/p>\n<p><strong>For OUs only<\/strong><\/p>\n<pre>get-qadobject -sizelimit 0 -type OrganizationalUnit -SearchRoot \"OU=MyOU,OU=Departments,DC=campus,DC=ncl,DC=ac,DC=uk\" | Add-QADPermission -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete<\/pre>\n<p><strong>For Computers Only<\/strong><\/p>\n<pre>get-qadobject -sizelimit 0 -type OrganizationalUnit -SearchRoot \"OU=MyOU,OU=Departments,DC=campus,DC=ncl,DC=ac,DC=uk\" | Add-QADPermission -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete<\/pre>\n<p><strong>For Everything<\/strong><\/p>\n<pre>get-qadobject -sizelimit 0 -SearchRoot \"OU=MyOU,OU=Departments,DC=campus,DC=ncl,DC=ac,DC=uk\" | Add-QADPermission -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete<\/pre>\n<p><span style=\"text-decoration: underline\"><span style=\"color: #ff0000\"><strong>REMEMBER TO TEST YOUR SCRIPT FIRST!<\/strong><\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019ve recently had to go through the process of restoring a series of OU objects which is not at all fun even with the AD Recycle Bin feature that came along with Windows Server 2008 R2. It\u2019s easy to make &hellip; <a href=\"https:\/\/blogs.ncl.ac.uk\/isg\/?p=462\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":4740,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,23,28],"tags":[],"class_list":["post-462","post","type-post","status-publish","format-standard","hentry","category-activedirectory","category-security","category-windowsserver"],"_links":{"self":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts\/462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/users\/4740"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=462"}],"version-history":[{"count":7,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts\/462\/revisions"}],"predecessor-version":[{"id":469,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts\/462\/revisions\/469"}],"wp:attachment":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}