To remove a protected OU, go to ADUC (Active Directory Users and Computers), select the domain and enable “Advanced Features” in View. When Advanced Features are enabled, just right click you OU go to Properties -> Object and uncheck “Protect against accidential deletion”. Disable Advanced Features after that. By the way. When Advanced Features are enabled you can even see the distinguished Name of objects directly in ADUC UI.

To get all users from an AD group is very simple: groupName = "an\_ad\_group"; PrincipalContext ctx = new PrincipalContext(ContextType.Domain); GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName); var principals = grp.GetMembers(true); ```But what about an OU? There is no OrganizationUnitPrincipal... [Well, there is a solution: to instantiate a context for your OU](http://stackoverflow.com/a/1927476/632117 "See the solution on Stack Overflow"): So if you want to check if a user in a OU: internal static bool IsUserInOu(string ou, string name) { var domain = “takana.

Here is a a link you can start with. To test AD, install AD. Then we canplay with it. Take a look those examples, too. PrincipalSearcher vs. DirectorySearcher What is the difference? OU Here are two examples (one for PrincipalSearcher and the other for DirectorySearcher) to retrieve users from an OU: //PrincipalSearcher internal static void ListPrincipalsFromOu() { using(var ctx = new PrincipalContext(ContextType.Domain, "takana.local", "OU=SOME\_OU ,DC=takana, DC=local")) { using (var up = new UserPrincipal(ctx)) { using (var ps = new PrincipalSearcher(up)) { using (var res = ps.