Can't delete orphaned DC - Access is denied

Deleting an orphaned Active Directory Domain Controller fails with the error:

Active Directory Domain Services

Windows cannot delete object LDAP:// ........................
Access is denied.

The first obvious step is to make sure that your user account has permission to delete objects in the OU in question.

If user permissions are not the problem, check that the computer object you are deleting, and any objects contained within it, are not protected from accidental deletion. Right-click the object, go to Properties > Object and make sure that the checkbox next to "Protect from accidental deletion" is not checked.


If you can't see the Object tab, enable "Advanced Features" in the View menu.
To be able to see sub-objects, also check "Users, Contacts, Groups, and Computers as containers".


Also click "NTDS Settings" on the General tab of the DC object's Properties and make sure that "Protect from accidental deletion" is not checked there either.

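The same checks can be run from the Active Directory module for Windows PowerShell, which lists every protected object in one pass instead of opening each Properties dialog. This is an added example, not part of the original post; `OLD-DC01` is a placeholder for the orphaned DC's name and `Get-ProtectedDcObjects` is a hypothetical helper name.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT or a DC).
Import-Module ActiveDirectory

function Get-ProtectedDcObjects {
    param([Parameter(Mandatory = $true)][string]$DcName)

    $root  = Get-ADRootDSE
    $bases = @()

    # Domain partition: the DC's computer object (may already be gone).
    $computer = Get-ADComputer -Filter "Name -eq '$DcName'"
    if ($computer) { $bases += $computer.DistinguishedName }

    # Configuration partition: the server object under Sites,
    # which is the parent of the "NTDS Settings" object.
    $servers = Get-ADObject -SearchBase "CN=Sites,$($root.configurationNamingContext)" `
        -LDAPFilter "(&(objectClass=server)(cn=$DcName))"
    foreach ($s in $servers) { $bases += $s.DistinguishedName }

    # Walk each object and everything contained in it, keeping only
    # objects that have "Protect from accidental deletion" set.
    foreach ($base in $bases) {
        Get-ADObject -SearchBase $base -SearchScope Subtree -Filter * `
            -Properties ProtectedFromAccidentalDeletion |
            Where-Object { $_.ProtectedFromAccidentalDeletion }
    }
}

# Review what is protected before changing anything.
$protected = @(Get-ProtectedDcObjects -DcName 'OLD-DC01')
$protected | Select-Object ObjectClass, DistinguishedName

# Preview the change; remove -WhatIf to actually clear the flag.
$protected | Set-ADObject -ProtectedFromAccidentalDeletion $false -WhatIf
```

Once the list comes back empty, retry the deletion with an account that has delete rights on the objects.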

Windows Server 2008 R2


+2 # qlphon 2014-07-02 15:22
Excellent! I've dug through a lot of KB articles and forum conversations, but finally only you pointed out what is really important and how to do that!

Thank you!

