从Active Directory删除计算机 [英] Deleting computer from Active Directory

问题描述

当计算机对象具有子对象时，我收到以下错误.

无法删除对象:

目录服务只能在叶对象上执行请求的操作.

我的代码:

Hi,

I''m receiving the following error when the computer object has child objects.

Unable to delete object:

The directory service can perform the requested operation only on a leaf object.

My code:

Shared Function DeleteMachine(ByVal adPath As String, ByVal domain As String) As Boolean
       Try



           Dim ctx As New PrincipalContext(ContextType.Domain, domain, "Domain\Username", "PWD")


           Dim computer As ComputerPrincipal = ComputerPrincipal.FindByIdentity(ctx, adPath)


           If computer IsNot Nothing Then
               computer.Delete()

           Else
               Return False
           End If


           Return True
       Catch ex As Exception
           Return False
       End Try
   End Function

用户有权删除对象，如果我手动删除孩子，则可以删除计算机对象.

有人可以对此有所启发吗?

谢谢.



我忘了提到用户没有AD DeleteTree权限.

查询"CN = MEANMACHINE，OU = Computers，DC = Contoso，DC = com"返回一个对象，如果容器为空，则删除计算机，如果容器有叶子，则抛出上述错误.

容器叶子的路径例如是"CN =虚拟机，CN = MEANMACHINE，OU =计算机，DC = Contoso，DC = com"

我必须先清洁容器的所有叶子吗?我怎么知道容器是否有叶子，以及如何遍历它们?

The user has right''s do delete an object, if i manually delete the childs i can remove the computer object.

Can someone put some light on this?

Thank you.



I forgot to mention that the user don''t have the AD DeleteTree permission.

The query "CN=MEANMACHINE,OU=Computers,DC=Contoso,DC=com" returns one object, in case the container is empty it deletes the computer, if the container has leafs, it throws the above error.

The path of the container leafs is, for instance, "CN=Virtual Machine,CN=MEANMACHINE,OU=Computers,DC=Contoso,DC=com"

Must i clean all leafs of a container first? How can i know if the container has leafs and how to iterate through them?

推荐答案

我在 DeleteTree [此处 [
希望对您有所帮助；)

I have found interesting example on http://stackoverflow.com/questions/7910534/how-to-delete-computer-account-from-active-directory-using-c-sharp[^]
The difference is in DeleteTree[^] method for DirectoryEntry, not Delete() for ComputerPrincipal.
Here[^] is a little more about "Container object and Leafs object".

I hope it will be helpful ;)

这篇关于从Active Directory删除计算机的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！