05/21/2024 03:56 AM
We encountered the following error message when removing certain AD accounts:
"Cannot delete object as object contains child objects also.Please enable EnforceTreeDeletion configuration or contact Administrator for more details. - [LDAP: error code 66 - 00002015: UpdErr: DSID-031A121E, problem 6003 (CANT_ON_NON_LEAF), data 0 ] "
I have searched the forum and we are advised to turn on ENFORCE_TREE_DELETION, but in vain.
Any suggestions? Or are any other additional rights required?
05/21/2024 06:26 AM
@oscarcheng Can you check with the AD team? The error says you don't have full permission to delete the account in AD.
05/21/2024 06:29 AM
You are not deleting all children.
The LDAP error code 66 (CANT_ON_NON_LEAF) specifically indicates that the object you are trying to delete has child objects, and Active Directory is configured to prevent the deletion of non-leaf objects. To delete such an object, you need to either remove the child objects first or enable the tree deletion feature.
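
An added example, not part of the thread and not Saviynt's code: a small Python parser for the Active Directory error string quoted in the question, which separates a non-leaf failure (LDAP result code 66) from a permissions failure (result code 50). The function and field names are hypothetical, and the code 50 sample line is constructed with a placeholder DSID.

```python
import re

# AD extended-error layout, as quoted in the question:
#   LDAP: error code <rc> - <win32 hex>: <kind>: DSID-<id>, problem <n> (<NAME>), data <d>
AD_ERR = re.compile(
    r"LDAP: error code (?P<rc>\d+) - (?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), problem (?P<problem>\d+) \((?P<name>\w+)\), "
    r"data (?P<data>-?\w+)"
)

# LDAP result codes (RFC 4511) that commonly explain a failed delete.
TRIAGE = {
    32: ("noSuchObject", "target DN not found; check the account's DN"),
    50: ("insufficientAccessRights", "service account lacks delete rights"),
    66: ("notAllowedOnNonLeaf", "object has children; remove them or use tree delete"),
}

def triage_ad_error(message):
    """Return a dict describing the failure, or None if the text is not an AD LDAP error."""
    m = AD_ERR.search(message)
    if m is None:
        return None
    rc = int(m["rc"])
    ldap_name, action = TRIAGE.get(rc, ("unknown", "look up the result code"))
    return {
        "ldap_code": rc,
        "ldap_name": ldap_name,
        "win32_code": int(m["win32"], 16),   # hex field is the Win32 directory error
        "problem": int(m["problem"]),
        "problem_name": m["name"],
        "is_permission_issue": rc == 50,
        "action": action,
    }

# Error text from the question above.
NON_LEAF = ("Cannot delete object as object contains child objects also. - "
            "[LDAP: error code 66 - 00002015: UpdErr: DSID-031A121E, "
            "problem 6003 (CANT_ON_NON_LEAF), data 0 ]")
# Constructed sample of a permissions failure; the DSID is a placeholder.
NO_RIGHTS = ("[LDAP: error code 50 - 00002098: SecErr: DSID-00000000, "
             "problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]")

if __name__ == "__main__":
    for line in (NON_LEAF, NO_RIGHTS):
        print(triage_ad_error(line))
```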