Visiem OU šajā domēnā ir jābūt aizsargātiem pret nejaušu dzēšanu.
Visiem OU šajā domēnā ir jābūt aizsargātiem pret nejaušu dzēšanu.
Severity: Warning
Problem: Some organizational units (OUs) in this domain are not protected from accidental deletion.
Impact: If all OUs in your Active Directory domains are not protected from accidental deletion, your Active Directory environment can experience disruptions that might be caused by accidental bulk deletion of objects.
Resolution:Make sure that all OUs in this domain are protected from accidental deletion.
Best Practices Analyzer
With Active Directory Users and Computers console
Uz “protect an OU from accidental deletion”, rīkojieties šādi:
- AtvērtActive Directory Users and Computers console;
- Right click the OU that you want to protect from accidental deletion, un noklikšķinietĪpašības;
- Go to the tabObject, check “Protect object from accidental deletion” un noklikšķinietlabi.
PIEZĪME: If you don’t see the Object tab you must enable Advanced Features. In the Active Directory Users and Computers, console click View and select Advanced Features.
With Windows PowerShell
1. Skrien Windows PowerShell as Admin on Domain Controller;
2. Type the following to list all OU’s where the option “Protect object from accidental deletion” is disabled:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft
3. Enter the following command in PowerShell:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
4. To verify all OU’s are modified, enter this command in PowerShell:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion} | ft
5. The columnProtectFromAccidentalDeletion should beTrue in all lines.