Protect AD OUs from Accidental Deletion with PowerShell

Today we’re talking a little more about Active Directory reconnaissance, for lack of a better term. If I start a new job, the first thing I want to do is find out how my infrastructure is configured. This script will search through Active Directory, or a subset of Active Directory, and look for Organizational Units that are not protected from accidental deletion.

My own best practice is to make sure everything in Active Directory is protected from accidental deletion. This script makes it easy to find the OUs that are not protected and protect them, without you having to waste a bunch of time clicking through Active Directory.

You could also remove the code below if you want to search for all object classes, not just OUs.

-and $_.ObjectClass -eq "organizationalUnit"

It’s nothing complicated, but it is useful.
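
The audit-then-protect workflow described above could look like the following. This is an added example, not the original script from this post. It assumes the ActiveDirectory RSAT module is installed; the function names and the `OU=Example,DC=example,DC=com` search base are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper: list objects that are NOT protected from accidental deletion.
function Get-UnprotectedADObject {
    [CmdletBinding()]
    param(
        # Subtree to search; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        # Include every object class instead of only OUs.
        [switch]$AllObjectClasses
    )
    # Restrict to OUs on the server side unless all classes were requested.
    $ldapFilter = if ($AllObjectClasses) { '(objectClass=*)' }
                  else { '(objectClass=organizationalUnit)' }

    Get-ADObject -LDAPFilter $ldapFilter -SearchBase $SearchBase `
                 -Properties ProtectedFromAccidentalDeletion |
        Where-Object { -not $_.ProtectedFromAccidentalDeletion }
}

# Hypothetical helper: turn protection on, honouring -WhatIf and -Confirm.
function Protect-UnprotectedADObject {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $InputObject
    )
    process {
        $dn = $InputObject.DistinguishedName
        if ($PSCmdlet.ShouldProcess($dn, 'Enable accidental-deletion protection')) {
            Set-ADObject -Identity $dn -ProtectedFromAccidentalDeletion $true
        }
    }
}

# 1. Report what is unprotected (placeholder search base).
$unprotected = Get-UnprotectedADObject -SearchBase 'OU=Example,DC=example,DC=com'
$unprotected | Select-Object Name, ObjectClass, DistinguishedName

# 2. Preview the change without touching the directory.
$unprotected | Protect-UnprotectedADObject -WhatIf

# 3. Apply it once the preview looks right.
# $unprotected | Protect-UnprotectedADObject
```

Running the report step again after the change should return nothing for the chosen search base.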