All OUs in this dominio should be protected from accidental deletion.
All OUs in this dominio should be protected from accidental deletion.
Severity: Advertencia
Problem: Some organizational units (OUs) in this dominio are not protected from accidental deletion.
Impact: If all OUs in your Directorio activo domains are not protected from accidental deletion, su Directorio activo environment can experience disruptions that might be caused by accidental bulk deletion of objects.
Resolución:Make sure that all OUs in this dominio are protected from accidental deletion.
Best Practices Analyzer
With Active Directory Users and Computers console
To “protect an OU from accidental deletion”, haz lo siguiente:
- Abierto Directorio activo Usuarios y computadoras consola;
- Right click the OU that you want to protect from accidental deletion, y haga clic Propiedades;
- Go to the tab Object, check “Protect object from accidental deletion” and click DE ACUERDO.
NOTA: If you don’t see the Object tab you must enable Advanced Features. En el Directorio activo Usuarios y computadoras, console click Vista and select Funciones avanzadas.
With Windows PowerShell
1. Correr Windows PowerShell as Admin en Dominio Controlador;
2. Type the following to list all OU’s where the option “Protect object from accidental deletion"está deshabilitado:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | dónde {$_.ProtectedFromAccidentalDeletion -eq $false} | ft
3. Enter the following command in PowerShell:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | dónde {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
4. To verify all OU’s are modified, enter this command in PowerShell:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | dónde {$_.ProtectedFromAccidentalDeletion} | ft
5. The column ProtectFromAccidentalDeletion should be True in all lines.
