Recently I came across a problem when I was doing general clean-up and maintenance on an Active Directory domain.
When I tried to delete a user that was no longer with the company, I got the following error.
The first thought is dammit, it’s a protected object in AD, so you open the user and go to Object, only to find that it doesn’t have the tick box set.
Ok, but I know that the admin count can also do funky things, so that’s probably been set to AdminCount=1 so I’ll check that.
No dice… well there goes the simple and common things that will cause you problems.
If you looked at the error closely, you would have noticed that it was talking about Exchange permissions.
In the Active Directory Users and Computers MMC you can turn on two options:
“Users, Contacts, Groups, and Computers as Containers” and “Advanced Features” (if not already on).
Now when you go back and look at the user you are trying to delete, you find that they have a container under their account. Why, you ask? It is created by Exchange, and all these new iPhone and Windows Phone users will have one under their account.
Since this is a phone that has been added to the user’s account, our next step is the Exchange EMC.
Log on to the Exchange Management Console, select the user from the Mailbox folder under the Recipient Configuration area, and right-click to bring up the action menu.
Click on “Manage Mobile Phone…”
This will bring up the below window. With the radio button “Remove Mobile Phone partnership” selected, select the offending devices (Windows Mobile phones, iPads or iPhones) and click Remove to remove them from the user’s account.
Once this is done you will be able to go back to AD and delete the user as per normal.
Hope this helps.
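
The same check and clean-up can be done from PowerShell. This is an added example, not part of the original post; it assumes the ActiveDirectory module and an Exchange 2010 Management Shell session, and `jdoe` is a placeholder account name.

```powershell
# Added example: find what is sitting under a user object and clear the
# Exchange ActiveSync partnerships that stop the account being deleted.
# Assumptions: ActiveDirectory module (RSAT) is installed, the session has the
# Exchange 2010 cmdlets loaded, and 'jdoe' is a placeholder account name.
Import-Module ActiveDirectory

$sam  = 'jdoe'                          # placeholder, replace with the real account
$user = Get-ADUser -Identity $sam

# 1. List everything directly beneath the user object. A normal user has no
#    children; an ActiveSync user has a container created by Exchange.
Get-ADObject -SearchBase $user.DistinguishedName -SearchScope OneLevel -Filter * |
    Select-Object Name, ObjectClass, DistinguishedName

# 2. List the mobile device partnerships recorded for the mailbox, so there is
#    a record of what was paired before anything is removed.
$devices = @(Get-ActiveSyncDevice -Mailbox $sam)
$devices | Select-Object FriendlyName, DeviceType, DeviceId, Identity

# 3. Remove each partnership. The cmdlet prompts for confirmation per device;
#    that prompt is left on deliberately.
foreach ($device in $devices) {
    Remove-ActiveSyncDevice -Identity $device.Identity
}

# 4. Re-check: no device objects should remain under the user before the
#    account is deleted.
$remaining = @(Get-ADObject -SearchBase $user.DistinguishedName -SearchScope Subtree `
        -Filter * | Where-Object { $_.ObjectClass -eq 'msExchActiveSyncDevice' })

if ($remaining.Count -eq 0) {
    Write-Output "No ActiveSync devices left under $($user.DistinguishedName)."
} else {
    Write-Warning "$($remaining.Count) device object(s) still present:"
    $remaining | Select-Object Name, DistinguishedName
}
```

Keeping the output of step 2 gives a record of which devices were paired with the account of a user who has left.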