You have created OU in Active Directory and for some reason such as you make a mistake or you do not need anymore this OU, you would like to delete this OU from your Active Directory. You right-clik on OU and try delete. Instead of deletion you are getting this message:
You do not have sufficient privileges to delete OU, or this object is protected from accidental deletion.
This is default behavior and protection so you do not delete OU by accident when you are working in Active Directory console. If you would like to delete this OU from Active Directory you have to follow few steps bellow and remove the protection. Once done, you will be able to delete the OU from AD.
To remove protection that prevents an OU from accidental deletion [KB – cc736842]
- Log on to the computer as a member of the Domain Admins group.
- Open Active Directory Users and Computers.
- Click View, and then click Advanced Features.
- First, clear permissions on the OU for which you want to remove protection. To do this, right-click the OU, and then click Properties.
- In OU Properties, click the Security tab, and then click Advanced.
- In Permission Entries, select the Deny entry for the Everyone group, and then click Remove.
- Click OK to close the Advanced Security Settings, and then click OK to close OU Properties.
- Second, clear permissions on the parent container of the OU for which you want to remove protection. To do this, right-click the parent container, and then click Properties.
- In ContainerProperties, click the Security tab.
- In Group or user names, select the Everyone group, and then clear the Deny check box for Delete All Child Objects, and then click OK to close Container Properties.
Membership in the Domain Admins group, or equivalent, is required to complete this procedure.