Category Archives: Active Directory

Active Directory Group Policy Restricted Groups

I use a Group Policy setting to ensure certain users or groups are always administrators on every machine I add to my test domain.   This is a reminder to myself how I do this.

Open the GP Editor and navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups.

  • Right-click and select Add Group.
  • Browse to the appropriate group, select it and click OK twice.

The membership dialogue appears.

  • In the This Group is a Member of:  section click Add.
  • Select Administrators.

The group will now be a member of the Administrators group on all computers the policy is applied to.

More info:


Remove Protection Against Accidental Organizational Unit Deletion

I recently tried to remove an OU from my Test AD came and up against this message:  You do no have sufficient privileges to delete xxxx or this object is protected from accidental deletion.

To get round this I followed this procedure.

  • Ensured Advanced Features was selected in AD Users and Computers.
  • Selected the OU, the Properties and then Security.
  • Clicked the Advanced button.
  • Removed the Deny option from the Everyone group.

I was then able to delete the OU.

More info: