SYMPTOMS
In the Active Directory management snap-ins (Active Directory Users and Computers, Active Directory Sites and Services, and Active Directory Domains and Trusts), you may see an object represented by the default Windows icon, which has a Type designation of Unknown. If you attempt to delete the object, you receive the following error message:
Active Directory
Windows cannot delete object object name because:
The specified directory service attribute or value does not exist.
Or, in ADSIEdit, you may see a leaf object with no data in the Class column. If you attempt to delete the object, you receive the following error message:
adsiedit
The specified directory service attribute or value does not exist.
Or, in the Active Directory Administration Tool (Ldp.exe), you may be able to view the object itself, but you cannot see the attributes of that object. If you attempt to delete the object, you receive the following error message:
Error: Delete: Not allowed on Non-leaf. <66>
RESOLUTION
If you are a member of the local Administrators group on the domain controller, you can take ownership of the object and then grant yourself whatever access rights you require. To do this, follow these steps:
- Open the Active Directory Users and Computers snap-in.
- Navigate to the container in which the object resides.
- Right-click the object, and then click Properties.
- Click the Security tab.
- Click the Advanced button.
- Click the Owner tab.
- In the Change Owner to dialog box, select the Administrators group or the administrator account that you are currently logged on with, and then click OK.
- In the Security dialog box, assign Full Control permissions to the administrator account.
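The same procedure scripted with dsacls.exe from PowerShell, as an added example that is not part of the original article. The distinguished name is a constructed placeholder, and the script assumes that the installed dsacls supports /takeOwnership and returns a non-zero exit code on failure.

```powershell
# Added example. The default $ObjectDN is a constructed placeholder; pass the
# distinguished name of the object that is displayed with type Unknown.
param(
    [string]$ObjectDN = 'CN=ExampleObject,OU=Example,DC=example,DC=com'
)

# Taking ownership requires an elevated session run by a member of the
# local Administrators group on the domain controller.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this from an elevated prompt as a local Administrators member.'
}

# Step 1: take ownership of the object (the Owner tab in the snap-in).
& dsacls.exe $ObjectDN /takeOwnership
if ($LASTEXITCODE -ne 0) {
    # Assumption: dsacls signals failure through a non-zero exit code.
    throw "Taking ownership of '$ObjectDN' failed (exit code $LASTEXITCODE)."
}

# Step 2: grant Full Control (GA = generic all) to the logged-on account.
$account = $identity.Name    # DOMAIN\user of the current session
& dsacls.exe $ObjectDN /G "${account}:GA"
if ($LASTEXITCODE -ne 0) {
    throw "Granting Full Control on '$ObjectDN' failed (exit code $LASTEXITCODE)."
}

# Step 3: print the resulting owner and access list so the change can be
# reviewed before the object is deleted or modified.
& dsacls.exe $ObjectDN
```

Review the owner and the access list printed by the last command before you delete the object, and keep the output with your change record.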