Remove-ADUser vs. Remove-ADObject

So when cleaning up Active Directory recently, I kept getting running across a handful of user accounts that were being a bit stubborn when trying to remove them.

I kept getting this error:

Remove-ADUser stubbornuser -Confirm:$False
Remove-ADUser : The directory service can perform the requested operation only on a leaf object
At line:1 char:14
+ remove-aduser <<<<  stubbornuser -Confirm:$False
+ CategoryInfo          : NotSpecified: (konosvi:ADUser) [Remove-ADUser], ADException
+ FullyQualifiedErrorId : The directory service can perform the requested operation only on a leaf object,Microsof
t.ActiveDirectory.Management.Commands.RemoveADUser

What in the…

After googling around a bit, I found that Exchange is storing its ActiveSync devices as leafs on the accounts, and there were quite a few on each account. So a new approach was needed.

Remove-ADobject (Get-ADUser stubbornuser).distinguishedname -Recursive -Confirm:$false

Ahhh, that did the trick!

Leave a Reply

Your email address will not be published. Required fields are marked *