PowerShell: Protect from accidental deletion script

Parity123
Hello All,

I have the following oneliner script:

$domaindn="dc=abc,dc=com"
Get-ADOrganizationalUnit -server abc.com -SearchBase "$domaindn" -Searchscope 1 -filter * -properties ProtectedFromAccidentalDeletion | set-adobject  -ProtectedFromAccidentalDeletion:$true

I am getting the following error:
"This access control list is not in canonical form and therefore cannot be modified"

Please help.

Regards,
Top Expert 2016
Commented:
Try this.
$domaindn="dc=abc,dc=com"
Get-ADObject -SearchBase $domaindn -filter * -properties CanonicalName | set-adobject  -ProtectedFromAccidentalDeletion:$true


Top Expert 2014
Commented:
When I try your (Parity123) code I get a different error because Set-ADObject cannot take pipeline input from Get-ADOrganizationalUnit.  The way around it is shown below.
$domaindn="dc=abc,dc=com"
Get-ADOrganizationalUnit -server "abc.com" -SearchBase $domaindn -Searchscope 1 -filter * -properties ProtectedFromAccidentalDeletion | % { Set-ADObject $_.distinguishedname -ProtectedFromAccidentalDeletion $true }


If you try that and still get your error, then maybe it's telling the truth and there is something up with your permissions (not PS code) that's blocking.
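
Added example, not part of the original thread: one way to run the per-OU loop from the answer above so that a single failing OU is recorded instead of hiding the rest of the run. It also reads each OU's ACL through the AD: drive and records `AreAccessRulesCanonical`, assuming the session's AD: drive targets the same domain as `-Server`; `abc.com` and the DN are the placeholders from the question.

```powershell
Import-Module ActiveDirectory

$server   = 'abc.com'          # placeholder from the question
$domainDn = 'dc=abc,dc=com'    # placeholder from the question

$ous = Get-ADOrganizationalUnit -Server $server -SearchBase $domainDn `
    -SearchScope OneLevel -Filter * -Properties ProtectedFromAccidentalDeletion

$report = foreach ($ou in $ous) {
    $dn = $ou.DistinguishedName

    # $false here means the ACE order in the DACL is non-canonical.
    # Assumption: the AD: drive of this session targets the same domain as $server.
    $canonical = $null
    try {
        $canonical = (Get-Acl -Path "AD:\$dn" -ErrorAction Stop).AreAccessRulesCanonical
    } catch {
        Write-Verbose "Could not read ACL of ${dn}: $($_.Exception.Message)"
    }

    if ($ou.ProtectedFromAccidentalDeletion) {
        $status = 'AlreadyProtected'
        $detail = ''
    } else {
        try {
            Set-ADObject -Identity $dn -Server $server `
                -ProtectedFromAccidentalDeletion $true -ErrorAction Stop
            $status = 'Protected'
            $detail = ''
        } catch {
            # Keep going; record which OU failed and why.
            $status = 'Failed'
            $detail = $_.Exception.Message
        }
    }

    [pscustomobject]@{
        DistinguishedName = $dn
        AclCanonical      = $canonical
        Status            = $status
        Detail            = $detail
    }
}

$report | Sort-Object Status | Format-Table -AutoSize -Wrap
```

An OU reported as `Failed` with `AclCanonical` set to `False` is the candidate for the error quoted in the question.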
