JSI Tip 4072. Active Directory object of unknown type can NOT be deleted?

If you open an Active Directory snap-in and see an unknown object represented by the default Windows icon, attempting to delete it returns:

Active Directory

Windows cannot delete object <object name> because:
The specified directory service attribute or value does not exist.

If you use ADSIEdit and you see a leaf object with no data in the Class column, a deletion attempt returns:


The specified directory service attribute or value does not exist.

In the Active Directory Administration Tool (Ldp.exe), you may be able to view the object but not its attributes. A deletion attempt returns:

Error: Delete: Not allowed on Non-leaf. <66>

These symptoms occur when the account that you logged on with has only List Contents permission on the parent object.

A member of the local Administrators group on the domain controller can take ownership of the object and grant the required access rights:

1. Open the Active Directory Users and Computers snap-in and navigate to the container that contains the object.

2. Right-click the object, and then press Properties.

3. On the Security tab, press the Advanced button and select the Owner tab.

4. Select the Administrators group, or the administrator account that you are currently logged on with, in the Change Owner dialog and press OK.

5. In the Security dialog, grant Full Control to the account or group.
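
Steps 4 and 5 can also be done from an elevated PowerShell prompt with dsacls.exe. The script below is an added example, not part of the original tip. It assumes dsacls.exe is available (it ships with the AD DS tools), that you pass the object's distinguished name in the hypothetical `-ObjectDn` parameter, and that you run it as a member of the Administrators group on the domain controller.

```powershell
# Added example: command-line equivalent of steps 4 and 5.
# -ObjectDn is a parameter name chosen for this example; pass the
# distinguished name of the object that cannot be deleted.
param(
    [Parameter(Mandatory)]
    [string]$ObjectDn
)

# Run dsacls.exe and stop if it does not report success, so a failed
# ownership change is never followed by a blind permission grant.
function Invoke-Dsacls {
    param([string[]]$Arguments)
    $out = & dsacls.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0 -or -not ($out -match 'The command completed successfully')) {
        throw "dsacls $($Arguments -join ' ') failed:`n$($out -join "`n")"
    }
    $out
}

# Account that will receive Full Control, in DOMAIN\user form.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# Record the current owner for the change log, if it is readable at all.
& dsacls.exe $ObjectDn 2>&1 | Select-String '^Owner:'

# Step 4: take ownership of the object.
Invoke-Dsacls @($ObjectDn, '/takeOwnership') | Out-Null

# Step 5: grant Full Control (GA = generic all) to the current account.
Invoke-Dsacls @($ObjectDn, '/G', "${me}:GA") | Out-Null

# Verify: show the new owner and the Full Control entries on the object.
Invoke-Dsacls @($ObjectDn) | Select-String '^Owner:|FULL CONTROL'
```

Once the object has been deleted, the grant disappears with it. If you keep the object, remove the Full Control entry you no longer need.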
