Below you will find pages that utilize the taxonomy term “AD”
Posts
Remove protected Organizational Units from AD
To remove a protected OU, go to ADUC (Active Directory Users and Computers), select the domain and enable “Advanced Features” in the View menu. When Advanced Features are enabled, just right-click your OU, go to Properties -> Object and uncheck “Protect against accidental deletion”. Disable Advanced Features after that. By the way, when Advanced Features are enabled you can even see the distinguished name of objects directly in the ADUC UI.
Find the current Active Directory Domain
While working with Active Directory within SharePoint we probably don’t need to specify the domain or the root container. We can use the current values. Here is a simple method from a console application, just to demonstrate:
```csharp
internal static void GetDomain()
{
    var context = new DirectoryContext(DirectoryContextType.Domain);
    var domain = Domain.GetDomain(context);
    Console.WriteLine("Full domain:");
    Console.WriteLine(domain.Name); //takana.local
    Console.WriteLine();
    Console.WriteLine("root container");
    var parts = domain.Name.Split(new[] {"."}, StringSplitOptions.RemoveEmptyEntries);
    var dcParts = parts.Select(n => "dc=" + n).
```
Check if a user is in an OU
Getting all users from an AD group is very simple:
```csharp
var groupName = "an_ad_group";
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName);
var principals = grp.GetMembers(true);
```
But what about an OU? There is no OrganizationUnitPrincipal... [Well, there is a solution: instantiate a context for your OU](http://stackoverflow.com/a/1927476/632117 "See the solution on Stack Overflow"). So if you want to check whether a user is in an OU:
```csharp
internal static bool IsUserInOu(string ou, string name)
{
    var domain = "takana.
```
PowerShell scripts for AD
A tip for all who want to administer AD with PowerShell: Idera PowerShell scripts. Just sign up and get the free scripts for AD, SQL, Exchange and SharePoint. I personally prefer to use modules, so I change the file extension from ps1 to psm1 and then I can import the functions as modules. Here is a simple example for creating four domain users:
```powershell
Import-Module .\New-IADUser1.psm1

# Lab example: every account gets the same hard-coded password,
# is enabled immediately, and has password expiry turned off.
function Add-User($name) {
    New-IADUser -Name $name -sAMAccountname $name -ParentContainer 'CN=Users, DC=contoso, DC=com' -Password 'SvenskaAkademien1786' -EnableAccount -PasswordNeverExpires
}

Add-User "user01"
Add-User "user02"
Add-User "user03"
Add-User "user04"
```
update 2012-03-15: nice script from Ryan
Ryan Dennis has created a very handy script for creating random users.
Get Distinguished Name for a user
To get the distinguished name for a user, it isn’t enough to get an SPUser object. The distinguished name is the unique string for identifying a user in Active Directory (e.g. CN=BeforeDAfter,OU=Test,DC=North America,DC=Fabrikam,DC=COM). Even with a UserProfile object it is not that clear. The distinguished name can be found in a property which is retrieved with brackets: up[PropertyConstants.DistinguishedName]
```csharp
public static string GetDistinguishedName(string login)
{
    var dn = "";
    UserProfile up;
    using (var site = new SPSite("http://dev"))
    {
        var serviceContext = SPServiceContext.
```