Today, I came across something that had me quite stumped…. well for a few minutes anyway 🙂
I was doing some tidying up of a domain, I found an OU that was incorrectly named, it was not to design. I thought, I’ll just rename it, but found that the option to do so was not available.
I took a look at the attributes of the OU, two immediately struck me as odd:
systemFlags was set to DISALLOW_DELETE|DOMAIN_DISALLOW_RENAME|DOMAIN_DISALLOW_MOVE
isCriticalSystemObject was set to TRUE:
Neither of these attributes could be modified, an error was thrown if attempted.
The simple answer: This OU had been set as the default location for new computer objects via redircmp
By running redircmp CN=Computers,DC=oholics,DC=net (or your other true destination):
- The systemFlags attribute was banished
- The isCriticalSystemObject attribute was set to FALSE
- The OU could be renamed, moved and deleted 😉