OS:
Server 2012 R2.
The Issue:
- I have an organizational unit in Active Directory that started showing as "Unknown" recently.
- To my knowledge, an attempt to delete this OU did not happen, so it's not a case of "lingering objects" post delete.
- By checking the status of group policy on the servers I know live in that OU, I can see they are still getting their group policy updates.
- I am unable to add new servers to the OU - cannot drag and drop into OU and the "move" option does not show the OU as an option.
- When I check the properties of the OU:
  * Both the "General" and "Object" tabs show: "The Active Directory Domain Services object could not be displayed. Unable to view attribute or value. You may not have permissions to view this object."
  * The "Security" tab shows the access levels of various user groups. When I go into "Advanced" under "Security" it shows I am the owner of this object.
What I've tried:
..but since I am already the owner, it didn't help me. I even tried changing the owner from "Domain Admins" (of which I am a member) to my own name, just to see if it would automagically 'wake up' for me, but that didn't work, so I changed the owner back to "Domain Admins".
- I tried running this command in PowerShell to pull all OUs, but the OU in question did not get returned:
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FT Name, DistinguishedName -A
- The goal of running the above ^^ command was to at least get a list of all servers living in that OU so I could recreate it.
- I followed the steps here, just in case we had accidentally set the owner to "Deny All", not the case: http://www.chicagotech.net/winissues/adpermission3.htm
- Lastly, I tried to navigate to CN=Deleted Objects just to confirm the object wasn't inadvertently deleted by a team member, no luck there either:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd379509(v=ws.10)
Requested Help:
- Any other ideas on how I could revive this OU?
- I really can't afford to lose all of the servers that live in this OU. Is there any way to get the contents of the OU and move them to a new OU via a PowerShell command, perhaps?
- In the state that it's in, I don't even think we are going to be able to delete this OU by right-clicking on it + then selecting delete (I haven't tried, yet). If I am able to recreate it, any ideas on how to delete the 'bad'/Unknown OU (PowerShell maybe)?
Thanks in advance!