Discussion:
DSRM.exe Active Directory command line tool
(too old to reply)
Joe
2006-03-09 16:30:08 UTC
Permalink
I am trying to use the DSRM.exe utility in a script to remove a number of
computer objects in AD, however, I'm having limited success. It seem I can
remove a computer object if it is in a container, but not if it's in an OU.
When I try to remove a computer object from an OU, I get an error message -
dsrm failed:"The distiguished name" The directory service can perform the
requested operation only on a leaf object.
My understanding is that a leaf object is a computer or user object etc. Why
is the script failing when I try to remove a computer object under an OU?
Jeff Jones [MSFT]
2006-03-09 19:25:25 UTC
Permalink
Computer objects are really containers. Do any of these computer objects
have child items? In ADUC, you can use the View menu to select showing
User, Groups, and Computers as Containers and see if they contain any items.
--
Jeff Jones [MSFT]
Monad Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by Joe
I am trying to use the DSRM.exe utility in a script to remove a number of
computer objects in AD, however, I'm having limited success. It seem I can
remove a computer object if it is in a container, but not if it's in an OU.
When I try to remove a computer object from an OU, I get an error message -
dsrm failed:"The distiguished name" The directory service can perform the
requested operation only on a leaf object.
My understanding is that a leaf object is a computer or user object etc. Why
is the script failing when I try to remove a computer object under an OU?
Joe
2006-03-10 14:20:29 UTC
Permalink
Thanks Jeff, that was extremely helpful. I could see from the view menu "as
containers" that the computer objects did have child objects. Realizing
that, I added the -subtree parameter to the dsrm command and it worked fine.

Joe
Post by Jeff Jones [MSFT]
Computer objects are really containers. Do any of these computer objects
have child items? In ADUC, you can use the View menu to select showing
User, Groups, and Computers as Containers and see if they contain any items.
--
Jeff Jones [MSFT]
Monad Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by Joe
I am trying to use the DSRM.exe utility in a script to remove a number of
computer objects in AD, however, I'm having limited success. It seem I can
remove a computer object if it is in a container, but not if it's in an OU.
When I try to remove a computer object from an OU, I get an error message -
dsrm failed:"The distiguished name" The directory service can perform the
requested operation only on a leaf object.
My understanding is that a leaf object is a computer or user object etc. Why
is the script failing when I try to remove a computer object under an OU?
Loading...