Recently I have been tidying up Active Directory. We have a lot of users that the helpdesk have disabled but not removed; they have not even moved them to a new OU. Because of this I decided to manually remove each disabled user whilst comparing it to a list of active employees. Yes, this could and should have been done via PowerShell, but I wanted to be 100% sure nothing went wrong.
Whilst going through the list of users and removing them, I came across a few users that had the following error message when I tried to remove them.
I was not expecting this! I was sure that the user object would be a leaf object, not a container holding a leaf object. (A leaf object is an object that has no child objects.) Then it hit me: we have Exchange here and have used ActiveSync in the past for some users' mobile devices. When you configure ActiveSync on phones, a special object is created under the user object in Active Directory. The object type is “msExchActiveSyncDevices” and will list each mobile device that has had ActiveSync configured on it. As I am trying to delete the user object, I know it is safe for me to delete this object too.
The easiest way to find out what object is stopping the user from being deleted is to use Active Directory Users and Computers, but you will need to enable the “Users, Contacts, Groups, and Computers as containers” view. To do this, click View and make sure there is a tick next to “Users, Contacts, Groups, and Computers as containers”.
This allows the children of these objects to be viewed by expanding the tree in the left pane.
Once you are happy that you 100% do not need the child object, you can right-click the yellow folder icon and click Delete. Now you are able to delete the user object as normal.
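The same check can be run across every disabled account before touching anything. The script below is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module is installed, and the variable names ($expectedClasses, $report, $safe) are chosen for illustration. It lists the direct children of each disabled user and only dry-runs the delete (-WhatIf) for users whose children are all of the msExchActiveSyncDevices class.

```powershell
# Added example: needs the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Assumption: the only child class expected under a user is the ActiveSync
# container described in the post. Anything else is flagged for manual review.
$expectedClasses = @('msExchActiveSyncDevices')

$report = foreach ($user in Get-ADUser -Filter 'Enabled -eq $false') {
    # OneLevel returns only the direct children of the user object.
    $children = Get-ADObject -SearchBase $user.DistinguishedName `
                             -SearchScope OneLevel -Filter *
    foreach ($child in $children) {
        [pscustomobject]@{
            User       = $user.SamAccountName
            UserDN     = $user.DistinguishedName
            ChildName  = $child.Name
            ChildClass = $child.ObjectClass
            Expected   = $expectedClasses -contains $child.ObjectClass
        }
    }
}

# Disabled users that are not leaf objects, and what sits underneath them.
$report | Sort-Object User |
    Format-Table User, ChildName, ChildClass, Expected -AutoSize

# Keep only users where every child is of an expected class.
$safe = $report | Group-Object UserDN |
    Where-Object { $_.Group.Expected -notcontains $false }

# Dry run: -WhatIf prints what would be removed without deleting anything.
# -Recursive is what allows a non-leaf object (user plus children) to be removed.
foreach ($entry in $safe) {
    Remove-ADObject -Identity $entry.Name -Recursive -WhatIf
}
```

Users that appear in the table with Expected set to False are left out of the dry run and still need to be inspected by hand in the containers view.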
Your screens may look different to mine, as the screenshots are from my test lab. I created the object via ADSI Edit as I do not have Exchange in my lab. Any issues, drop a comment.