Can’t delete orphaned DC – Access is denied

Deleting an orphaned Active Directory Domain Controller fails with the error:

Active Directory Domain Services

Windows cannot delete object LDAP:// ……………………
Access is denied.

The first obvious step is to make sure that your user account has permission to delete objects in the OU in question.

If user permissions are not the problem, check that the computer object you are deleting, and any objects contained within it, are not protected from accidental deletion. Right-click the object, go to Properties > Object and make sure that the checkbox next to “Protect from accidental deletion” is not checked.

Protect from accidental deletion

If you can’t see the Object tab, enable “Advanced Features” in the View menu.
To see sub-objects, also check “Users, Contacts, Groups, and Computers as containers” in the same menu.

Advanced Features in Active Directory Users and Computers

Also click “NTDS Settings” on the General tab of the DC object’s Properties, and make sure that “Protect from accidental deletion” is not checked there either.

NTDS Settings Properties - Protect from accidental deletion
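The same checks can be run from PowerShell. This is an added example, not part of the original post: it assumes the ActiveDirectory module is installed, the function name and the `DC01` placeholder are hypothetical, and locating NTDS Settings through the computer object's `serverReferenceBL` attribute is this example's approach rather than the GUI path described above.

```powershell
# Report (and optionally clear) "Protect from accidental deletion" on a DC
# computer object, its child objects, and its NTDS Settings subtree.
Import-Module ActiveDirectory

function Get-DcDeletionProtection {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [switch]$Clear   # uncheck the flag on every protected object found
    )

    # Computer object in the domain partition (normally OU=Domain Controllers).
    $dc = Get-ADComputer -Identity $ComputerName -Properties serverReferenceBL

    # Search roots: the computer object itself, plus the matching server object
    # under CN=Sites in the Configuration partition, which contains NTDS Settings.
    # serverReferenceBL is empty when that server object is already gone.
    $roots = @($dc.DistinguishedName) + @($dc.serverReferenceBL) | Where-Object { $_ }

    foreach ($root in $roots) {
        $objects = Get-ADObject -SearchBase $root -SearchScope Subtree -Filter * `
                                -Properties ProtectedFromAccidentalDeletion

        # Output shows the state found, i.e. before any change made below.
        $objects | Select-Object DistinguishedName, ObjectClass,
                                 ProtectedFromAccidentalDeletion

        if ($Clear) {
            $objects | Where-Object { $_.ProtectedFromAccidentalDeletion } |
            ForEach-Object {
                if ($PSCmdlet.ShouldProcess($_.DistinguishedName,
                                            'Clear deletion protection')) {
                    Set-ADObject -Identity $_ -ProtectedFromAccidentalDeletion $false
                }
            }
        }
    }
}

# 'DC01' is a placeholder for the orphaned DC's name.
# List every object and whether it is protected:
#   Get-DcDeletionProtection -ComputerName DC01 | Format-Table -AutoSize
# Preview which objects would be unprotected, without changing anything:
#   Get-DcDeletionProtection -ComputerName DC01 -Clear -WhatIf
```

Clearing the flag on objects under CN=Sites requires write access to the Configuration partition, so a check that succeeds in the domain partition can still be refused there.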

Windows Server 2008 R2

