How To Script protect an OU from accidental deletion and move to other OU

Anonymous
2023-09-15T10:15:53+00:00

The script method uses the command prompt for Active Directory disabled users in an OU to release all "object from accidental deletion" protection so that it can be moved to a special OU.

Then create a script to move disabled OU to special OU.

Then reactivate disabled users in certain OUs so that they are used to log users.

Thank You


4 answers

  1. Anonymous
    2023-09-15T20:47:56+00:00

    I will share with you some scripts to answer your query:

    1. Release "Object from Accidental Deletion" Protection for Disabled Users in an OU:

    ```powershell
    Import-Module ActiveDirectory

    # Specify the DN (DistinguishedName) of the source OU with disabled users
    $sourceOU = "OU=DisabledUsers,DC=example,DC=com"

    # Get a list of disabled user objects in the source OU
    $disabledUsers = Get-ADUser -SearchBase $sourceOU -Filter {Enabled -eq $false}

    # Iterate through the list and remove the "Object from Accidental Deletion" protection
    foreach ($user in $disabledUsers) {
        $user | Set-ADObject -ProtectedFromAccidentalDeletion $false
    }
    ```

    Replace "OU=DisabledUsers,DC=example,DC=com" with the DN of your actual source OU.

    2. Move Disabled Users to a Special OU:

    ```powershell
    # Specify the DN of the target special OU where you want to move the disabled users
    $targetOU = "OU=SpecialUsers,DC=example,DC=com"

    # Move disabled users to the special OU
    # ($disabledUsers is the list collected in step 1)
    $disabledUsers | ForEach-Object {
        Move-ADObject -Identity $_.DistinguishedName -TargetPath $targetOU
    }
    ```

    Replace "OU=SpecialUsers,DC=example,DC=com" with the DN of your actual target OU.

    3. Reactivate Disabled Users in Certain OUs:

    If you want to reactivate users in specific OUs, you'll need to identify those OUs and enable the users within them. Here's a basic example:

    ```powershell
    # Specify the DNs of the OUs where you want to reactivate users
    $ou1 = "OU=OU1,DC=example,DC=com"
    $ou2 = "OU=OU2,DC=example,DC=com"

    # Get a list of disabled users in the specified OUs
    # (-SearchBase accepts a single DN, so query each OU in turn)
    $usersToReactivate = foreach ($ou in $ou1, $ou2) {
        Get-ADUser -SearchBase $ou -Filter {Enabled -eq $false}
    }

    # Iterate through the list and enable the users
    foreach ($user in $usersToReactivate) {
        $user | Enable-ADAccount
    }
    ```

    Replace $ou1 and $ou2 with the DNs of the OUs where you want to reactivate users.

    Before running these scripts in a production environment, it's crucial to thoroughly test them in a safe environment or with a limited set of users to ensure they behave as expected.
    
    4 people found this answer helpful.
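
    Steps 1 and 2 of the answer above combined into one function, as an added example that is not part of the original answer: it clears the protection flag only on users that have it set, moves them by ObjectGUID, restores the flag afterwards, and supports `-WhatIf`. The function name `Move-DisabledUser` is hypothetical, and the OU DNs are the placeholder values used in the answer.

    ```powershell
    Import-Module ActiveDirectory

    function Move-DisabledUser {   # hypothetical name, not a built-in cmdlet
        [CmdletBinding(SupportsShouldProcess)]
        param(
            [Parameter(Mandatory)][string]$SourceOU,   # DN of the OU holding disabled users
            [Parameter(Mandatory)][string]$TargetOU    # DN of the OU to move them into
        )

        # Request the protection flag explicitly; Get-ADUser does not return it by default
        $users = Get-ADUser -SearchBase $SourceOU -Filter 'Enabled -eq $false' `
                            -Properties ProtectedFromAccidentalDeletion

        foreach ($user in $users) {
            $wasProtected = [bool]$user.ProtectedFromAccidentalDeletion
            $status = 'Skipped'
            if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Move to $TargetOU")) {
                try {
                    # Clear the flag only where it is actually set
                    if ($wasProtected) {
                        Set-ADObject -Identity $user.ObjectGUID -ProtectedFromAccidentalDeletion $false -ErrorAction Stop
                    }
                    # The GUID stays valid after the move, unlike the DN
                    Move-ADObject -Identity $user.ObjectGUID -TargetPath $TargetOU -ErrorAction Stop
                    $status = 'Moved'
                }
                catch {
                    $status = "Failed: $($_.Exception.Message)"
                }
                finally {
                    # Restore protection whether or not the move succeeded
                    if ($wasProtected) {
                        Set-ADObject -Identity $user.ObjectGUID -ProtectedFromAccidentalDeletion $true
                    }
                }
            }
            # One record per user, suitable for piping to Export-Csv as a change log
            [pscustomobject]@{
                SamAccountName = $user.SamAccountName
                WasProtected   = $wasProtected
                Status         = $status
            }
        }
    }

    # Dry run first; drop -WhatIf to perform the move
    Move-DisabledUser -SourceOU "OU=DisabledUsers,DC=example,DC=com" -TargetOU "OU=SpecialUsers,DC=example,DC=com" -WhatIf
    ```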
  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  3. Anonymous
    2023-09-18T03:10:02+00:00

    Thank you very much for the script

    I will try it

    Once again, thank you so much

  4. Anonymous
    2023-09-18T10:12:58+00:00

    Hi,

    If the reply above is helpful, please help to mark it as answer so that it can be found more easily.

    Best Regards,

    Ian Xue
