Recipe 4.20 Deleting an Object

4.20.1 Problem

You want to delete an object.

4.20.2 Solution

4.20.2.1 Using a graphical user interface
  1. Open ADSI Edit.

  2. If an entry for the naming context you want to browse is not already displayed, do the following:

    1. Right-click on ADSI Edit in the right pane and click Connect to . . .

    2. Fill in the information for the naming context, container, or OU that contains the object you want to delete. Click on the Advanced button if you need to enter alternate credentials.

  3. In the left pane, browse to the object you want to delete.

  4. Right-click on the object and select Delete.

  5. Click Yes to confirm.

4.20.2.2 Using a command-line interface
> dsrm "<ObjectDN>"
4.20.2.3 Using VBScript
strObjectDN = "<ObjectDN>"
set objUser = GetObject("LDAP://" & strObjectDN)
objUser.DeleteObject(0)

4.20.3 Discussion

This recipe covers deleting individual objects. If you want to delete a container or OU and all the objects in it, take a look at Recipe 4.21.

4.20.3.1 Using a graphical user interface

If the parent container of the object you want to delete has a lot of objects in it, you may want to add a new connection entry for the DN of the object you want to delete. This may save you time searching through the list of objects in the container and could help avoid accidental deletions. You can do this by right-clicking ADSI Edit and selecting Connect to. Under Connection Point, select Distinguished Name and enter the DN of the object you want to delete.

4.20.3.2 Using a command-line interface

The dsrm utility can be used to delete any type of object (no limitations based on object type as with dsadd and dsmod). The only required parameter is the DN of the object to delete. You can also specify -noprompt to keep it from asking for confirmation before deleting. The -s parameter can be used as well to specify a specific server to target.

4.20.3.3 Using VBScript

Using the DeleteObject method is straightforward. Passing 0 as a parameter is required, but does not have any significance at present.

An alternate and perhaps safer way to delete objects is to use the IADsContainer::Delete method. To use this method, you must first bind to the parent container of the object. You can then call Delete by passing the object class and RDN of the object you want to delete. Here is an example for deleting a user object:

set objCont = GetObject("LDAP://ou=Sales,dc=rallencorp,dc=com")
objCont.Delete "user", "cn=rallen"

Delete is safer than DeleteObject because you have to be more explicit about what you are deleting. With DeleteObject you only need to specify a distinguished name and it will delete it. If you happen to mis-type the DN or the user input to a web page that uses this method is mis-typed, the result could be disastrous.

4.20.4 See Also

Recipe 4.21 for deleting a container, MS KB 258310 (Viewing Deleted Objects in Active Directory), MSDN: IADsContainer::Delete, and MSDN: IADsDeleteOps::DeleteObject



    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List