Export (0) Print
Expand All

Deleting Directory Service Objects

Microsoft® Windows® 2000 Scripting Guide

In the life cycle of an object, the final management task is deletion. All of the preceding code examples started by performing a task to create or act on the OU named HR. This task, however, starts in reverse order by demonstrating how to delete a group, then a user account, and then an OU. This reverse approach is necessary because, when you use the Delete method in an ADSI script, you cannot delete an OU without first removing the objects (called leaf objects) within it.

If you use the Delete method to delete an OU before all leaf objects are removed, Windows Script Host (WSH) displays a message similar to the following:



C:\DeleteOu.vbs(2, 1) (null): The directory service can perform the requested operation only on a leaf object.

It might not be entirely clear why the error message reads, "The directory service can perform the requested operation only on a leaf object." It is true that an OU is a container object. However, when an OU is empty, the Delete method can delete an OU because, from the script's perspective, an empty OU is considered a leaf object.

This error message is avoided in the following examples because the first script removes the Atl-Users group and the second script removes the MyerKen user account before the third script deletes the HR OU.

Deleting Active Directory objects involves two simple steps:

  1. Connect to the Active Directory container where the object is stored.

  2. Delete the object.

Deleting a Group

The script in Listing 5.11 deletes the Atl-Users group from the HR OU in the na.fabrikam.com domain.

  1. Connect to the HR OU container in the na.fabrikam.com domain.

    The OU is referred to as a container rather than an object because the task completed in this script is to delete an object within a container.

  2. Delete the Atl-Users group from the HR OU in Active Directory.

Listing 5.11 Deleting a Group

  
1
2


Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")
objOU.Delete "group", "cn=Atl-Users"

Deleting a User Account

The script in Listing 5.12 deletes the MyerKen user account from the HR OU in the na.fabrikam.com domain.

  1. Connect to the HR OU container in the na.fabrikam.com domain.

  2. Delete the MyerKen user account from the HR OU in Active Directory.

Listing 5.12 Deleting a User Account

  
1
2


Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")
objOU.Delete "user", "cn=MyerKen"

Deleting an OU

The script in Listing 5.13 deletes the HR OU from the na.fabrikam.com domain.

  1. Connect to the na.fabrikam.com domain container.

  2. Delete the HR OU from the na.fabrikam.com domain in Active Directory.

Listing 5.13 Deleting an OU

  
1
2


Set objDomain = GetObject("LDAP://dc=NA,dc=fabrikam,dc=com")
objDomain.Delete "organizationalUnit", "ou=HR"


Important observations about the scripts in this section are:

  • They perform the same two steps: They connect to an Active Directory container and delete an object in the container.

  • They use the same method (Delete) without regard to the class of object being deleted.


Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft