Symptom: When running the Microsoft Best Practices Analyzer on Server 2008 - Server 2012 R2, you receive the following warning:
All OUs in this domain should be protected from accidental deletion
What is accidental deletion?
By protecting all OUs in the domain from accidental deletion, you will prevent yourself from being able to simply right click and delete an organizational unit in Active Directory Users and Groups. By enabling accidental deletion on all OUs, you will have to take an extra step to delete the OU (which can be nice, as you don't want to accidentally delete an OU with important users or groups in it).
Complete the steps below to enable protect all OUs in the domain from accidental deletion.
- Open up Server Manager
- Click Tools and select Active Directory Module for Windows PowerShell
- Optional Step: Execute the following command to see which OUs are not currently protected from accidental deletion
- Execute the following command to protect all OUs in the domain from accidental deletion
Notes: An official KB article from Microsoft on this subject can be found here: http://technet.microsoft.com/en-us/library/dd723677(v=ws.10).aspx
this was tremendously helpful. domains brought forward from prior than 2008 are likely to need this step