So I was spring cleaning a lot of disabled users from a customer Active Directory. After a while I noticed that I couldn’t remove all user account. Some just wouldn’t go away.

Remove-ADUser olduser -Confirm:$False
Remove-ADUser : The directory service can perform the requested operation only on a leaf object
At line:1 char:14
+ remove-aduser <<<<  olduser -Confirm:$False
    + CategoryInfo          : NotSpecified: (konosvi:ADUser) [Remove-ADUser], ADException
    + FullyQualifiedErrorId : The directory service can perform the requested operation only on a leaf object,Microsof
   t.ActiveDirectory.Management.Commands.RemoveADUser

So what the.. Using ADSI edit I went in looking and found that Exchange is storing its ActiveSync devices as leafs on the accounts. So then I needed a new approach.

Remove-ADobject (Get-ADUser olduser).distinguishedname -Recursive -Confirm:$false

Say bye-bye to the account 🙂