So I was spring cleaning a lot of disabled users from a customer Active Directory. After a while I noticed that I couldn’t remove all user account. Some just wouldn’t go away.
Remove-ADUser olduser -Confirm:$False Remove-ADUser : The directory service can perform the requested operation only on a leaf object At line:1 char:14 + remove-aduser <<<< olduser -Confirm:$False + CategoryInfo : NotSpecified: (konosvi:ADUser) [Remove-ADUser], ADException + FullyQualifiedErrorId : The directory service can perform the requested operation only on a leaf object,Microsof t.ActiveDirectory.Management.Commands.RemoveADUser
So what the.. Using ADSI edit I went in looking and found that Exchange is storing its ActiveSync devices as leafs on the accounts. So then I needed a new approach.
Remove-ADobject (Get-ADUser olduser).distinguishedname -Recursive -Confirm:$false
Say bye-bye to the account 🙂