.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
How can I delete an Active Directory (AD) object of an unknown type?
John Savill
March 24, 2003
1 Min Read
A. AD objects will occasionally have a default Windows icon and a type of Unknown when you view them in a Microsoft Management Console (MMC) AD snap-in, such as the Active Directory Users and Computers, Active Directory Sites and Services, or Active Directory Domains and Trusts snap-in. If you attempt to delete the object, you'll receive the following error:
Active Directory Windows cannot delete object because: The specified directory service attribute or value does not exist.This problem occurs when your user or group account has "list contents" permission on the parent of the object you're viewing but you don't have rights for the object itself.
If you're a member of the local Administrators group on a domain controller (DC), you can work around this problem by taking ownership of the object, then giving yourself full permissions. To configure full permissions, perform the following steps:
Start the Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, Active Directory Users and Computers) or the AD snap-in that listed the object that you can't delete.
Navigate to the object's parent container.
Right-click the object, then select Properties from the displayed context menu.
Select the Security tab.
Click the Advanced button.
Select the Owner tab.
In the "Change Owner To" section, select your account or the Administrators group that you belong to, then click OK.
From the main Security tab, grant Full Control permission to your account or group, then click OK.
Delete the object.
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)