So when cleaning up Active Directory recently, I kept getting running across a handful of user accounts that were being a bit stubborn when trying to remove them.
I kept getting this error:
Remove-ADUser stubbornuser -Confirm:$False Remove-ADUser : The directory service can perform the requested operation only on a leaf object At line:1 char:14 + remove-aduser <<<< stubbornuser -Confirm:$False + CategoryInfo : NotSpecified: (konosvi:ADUser) [Remove-ADUser], ADException + FullyQualifiedErrorId : The directory service can perform the requested operation only on a leaf object,Microsof t.ActiveDirectory.Management.Commands.RemoveADUser
What in the…
After googling around a bit, I found that Exchange is storing its ActiveSync devices as leafs on the accounts, and there were quite a few on each account. So a new approach was needed.
Remove-ADobject (Get-ADUser stubbornuser).distinguishedname -Recursive -Confirm:$false
Ahhh, that did the trick!
By day, I’m a systems admin for a medium size company in the Pacific Northwest.
By night, I’m a blogger, gamer, and all around general nerd.