How can I delete an Active Directory (AD) object of an unknown type?

A. AD objects will occasionally have a default Windows icon and a type of Unknown when you view them in a Microsoft Management Console (MMC) AD snap-in, such as the Active Directory Users and Computers, Active Directory Sites and Services, or Active Directory Domains and Trusts snap-in. If you attempt to delete the object, you'll receive the following error:

   Active Directory

   Windows cannot delete object <name of object> because:
   The specified directory service attribute or value does not exist.

This problem occurs when your user or group account has "list contents" permission on the parent of the object you're viewing but you don't have rights for the object itself.

If you're a member of the local Administrators group on a domain controller (DC), you can work around this problem by taking ownership of the object, then giving yourself full permissions. To configure full permissions, perform the following steps:

  1. Start the Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, Active Directory Users and Computers) or the AD snap-in that listed the object that you can't delete.
  2. Navigate to the object's parent container.
  3. Right-click the object, then select Properties from the displayed context menu.
  4. Select the Security tab.
  5. Click the Advanced button.
  6. Select the Owner tab.
  7. In the "Change Owner To" section, select your account or the Administrators group that you belong to, then click OK.
  8. From the main Security tab, grant Full Control permission to your account or group, then click OK.
  9. Delete the object.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.