Active Directory - Viewing and protecting unprotected organizational units with Powershell
To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker or make a donation. Thank you!
Hello,
I presented, in a previous article the Best Practice Analyzer which contains for the Active Directory role a rule that checks if all organisation units are protected against accidental deletion (and moving) but without telling us which ones if it detects any.
Fortunately PowerShell is there to help us quickly list and protect them.
# Show unprotected OUs against accidental deletion.$OuNotProtected = Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion | Where-Object ProtectedFromAccidentalDeletion -eq $false# Or$OuNotProtected = Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion | Where-Object -FilterScript { $_.ProtectedFromAccidentalDeletion -eq $false }# Or$OuNotProtected = Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion | Where-Object -FilterScript { !$_.ProtectedFromAccidentalDeletion }
# Display the result in an interactive table$OuNotProtected | Select-Object -Property Name, DistinguishedName | Out-GridView
# Display the result in a CSV$OuNotProtected | Select-Object -Property Name, DistinguishedName | Out-GridView Export-Csv -Path c:\OuNotProtected.csv
# Protect all unprotected OUs$OuNotProtected | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $trueRelated links
Powershell - How to add and view a GPO description
How to add and view a GPO description in PowershellActive Directory - Viewing and protecting unprotected organizational units with Powershell
Active Directory - Viewing and protecting unprotected organizational units with PowershellPowershell - Testimo module for testing your Active Directory
Testimo is a PowerShell module designed to facilitate basic or more advanced testing of Active DirectoryPowershell - presentation of the GPOZaurr module for analysing your GPOs
The GPOZaurr module allows you to analyse your GPOs and also to modify or even delete themPowershell - AD As Built Report module overview
Microsoft AD As Built Report is a PowerShell module that works in conjunction with AsBuiltReport.Core to generate a report on your Active DirectoryHow to join an Active Directory domain with PowerShell DSC
Joining an Active Directory domain with PowerShell DSC
Follow me on
Support me
Last content
Powershell and the Left Hand Side
Powershell - Managing disks, partitions and volumes
Powershell - Managing System Restore Points in Windows
Powershell - Playing with the Windows clipboard
Powershell - Changing the state of a computer (sleep, hibernate, shutdown, restart)
Powershell - Compress-Archive and Expand-Archive to create and extract ZIP archives
Powershell - Export-Csv versus Export-Clixml
Powershell - Overview of Where-Object basic syntax and its limitations
Powershell - Hyper-V - Give a custom name to a virtual network adapter