Active Directory Cookbook, 3rd Edition

5.4.1 Problem

You want to delete all the objects in an OU, but not the OU itself.

5.4.2 Solution

5.4.2.1 Using a graphical user interface

1. Open the Active Directory Users and Computers snap-in.

2. If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK.

3. In the left pane, browse to the OU that contains the objects you want to delete and click on it.

4. Highlight all the objects in the right pane and hit the Delete button.

5. Press F5 to refresh the contents of the OU. If objects still exist, repeat the previous step.

5.4.2.2 Using a command-line interface

To delete all objects within an OU, but not the OU itself, you need to use the -subtree and -exclude options with the dsrm command.

> dsrm "<OrgUnitDN>" -subtree -exclude

5.4.2.3 Using VBScript

' This code deletes the objects in an OU, but not the OU itself set objOU = GetObject("LDAP://<OrgUnitDN>") for each objChildObject in objOU Wscript.Echo "Deleting " & objChildObject.Name objChildObject.DeleteObject(0) next

5.4.3 Discussion

If you want to delete the objects in an OU and recreate the OU, you can either delete the OU itself, which will delete all child objects, or you could just delete the child objects. The benefits to the later approach is that you do not need to reconfigure the ACL on the OU or relink GPOs.

5.4.4 See Also

Recipe 5.3 for enumerating objects in an OU, Recipe 5.5 for deleting an OU, and MSDN: IADsDeleteOps::DeleteObject