wlasner
asked on
How to delete an admin user who is protected from accidental deletion....
Over a year ago we enlisted the services of an outside exchange server tech who created an admin acount for them selves. I need to delete this account from exchange server as well as Active Directory but it is protected from "Accidental Deletion". I cannot find where to remove this option. i moved the user to a different OU which did not help.
Please advise how I can force the deletion of this users from the AD / exchange server.
thank you
Wayne
Please advise how I can force the deletion of this users from the AD / exchange server.
thank you
Wayne
ASKER
So, I did this but the box is not selected in AD. the option must be coming from somewhere else.
check it at the OU level, same place and untick it to delete the account, it'll protect it and it's contents.
So untick
So untick
ASKER
same thing.... not protected. This is bizarre.
Check the security of the account, add your username to the security and then delete it that way.
If you still can't delete it i'm guessing they have protected it in the Schema or something.
If you still can't delete it i'm guessing they have protected it in the Schema or something.
ASKER
Not resolved. I'm at a loss here. Appreciate your help. If you think of anything else to try, please let me know.
thanks
wayne
thanks
wayne
Ok,
Move the account out of that OU into a top level OU and then delete it. You can create a top level OU, move it there, then try to remove it.
Alternatively, you can disable it. Same goal essentially.
Move the account out of that OU into a top level OU and then delete it. You can create a top level OU, move it there, then try to remove it.
Alternatively, you can disable it. Same goal essentially.
ASKER
No Luck. Is there a command line that could accomplish this?
Open the Advanced Features View in AD Users and Computers, find his account, right click > Properties > security tab. There is likely a Deny entry there that you'll need to remove from the list. Worst case, if you can't figure out how to delete the account, disable it to prevent login (I'd recommend doing this while you're working on finding the cause of the delete issue).
how many AD servers do you have? one thing that will slow this process down is AD propogation. if you have multiple ad sites you will need to let things prop between steps.
ASKER
We have two DC's on the same network. I'll try again later.... thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, using adsiedit and adding full control allowed me to delete the user object. thank you.
ASKER
Thank you all for your assistance.
Wayne
Wayne
Right click the user go to properties
Then object
Then untick protect object from accidental deletion
note: you may need to navigate to the ou where the account is.