How to delete a protected OU in Active Directory

Taken from http://technet.microsoft.com/en-us/library/cc736842(v=ws.10).aspx

To remove protection that prevents an OU from accidental deletion:

  1. Log on to the computer as a member of the Domain Admins group.
  2. Open Active Directory Users and Computers.
  3. Click View, and then click Advanced Features.
  4. First, clear permissions on the OU for which you want to remove protection. To do this, right-click the OU, and then click Properties.
  5. In OU Properties, click the Security tab, and then click Advanced.
  6. In Permission Entries, select the Deny entry for the Everyone group, and then click Remove.
  7. Click OK to close the Advanced Security Settings, and then click OK to close OU Properties.
  8. Second, clear permissions on the parent container of the OU for which you want to remove protection. To do this, right-click the parent container, and then click Properties.
  9. In ContainerProperties, click the Security tab.
  10. In Group or user names, select the Everyone group, and then clear the Deny check box for Delete All Child Objects, and then click OK to close Container Properties.

EDIT

A much easier way is to make sure View > Advanced Features is ticked in Active Directory Users and Computers, then right-click > Properties on the object of choice, navigate to the Object Tab, then untick Protect object from accidental deletion:

Change computer names remotely using NETDOM on Windows XP

I got this familiar error message earlier when trying to change the computer name of a Windows XP machine:

“Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again”

To get around this, I used the following netdom command from my PC (replace capital words with your own):
netdom renamecomputer OLDCOMPUTERNAME /newname:NEWCOMPUTERNAME /userD:domain\administrator /passwordd:ADMINPASSWORD /usero: domain\administrator /passwordo: ADMINPASSWORD  /reboot:10
This renamed the computer and rebooted the little sucker in 10 seconds.

Read more about the netdom command here.

Adding a Windows Server 2008 R2 domain controller to a Windows 2003 domain

You need to add the first Windows Server 2008 R2 domain controller to your Windows 2003 domain, but you’re not sure what preparation you need to take, or what’s involved in the process.

Don’t be afraid, it’s quite simple. Follow the steps below:

[Read more…]

How to raise the forest and domain functional level for Windows Server 2003

When doing certain tasks (like adding a Windows Server 2008 R2 domain controller to a Windows 2003 domain) or installing certain applications, you may find that you need to raise the forest and/or domain functional level.

Follow the steps below:

[Read more…]

How to find out which servers hold the FSMO roles in your forest/domain

Just a quick tip on finding which servers hold the Flexible Single Master Operations(FSMO) roles.
Enter the following at the command prompt from any Domain Controller:

for %x in (schema name infr pdc rid) do dsquery server -forest -hasfsmo %x

An explanation of the roles and how to transfer them can be found here: http://support.microsoft.com/kb/324801

Edit: An even quicker way is to type:

netdom query fsmo