Microsoft KB Archive/305104

= You Cannot Delete an Active Directory Object of Unknown Type =

Article ID: 305104

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q305104



SYMPTOMS
In the Active Directory management snap-ins (Active Directory Users and Computers, Active Directory Sites and Services, and Active Directory Domains and Trusts), you may see an object represented by the default Windows icon, which has a Type designation of Unknown. If you attempt to delete the object, you receive the following error message:

Active Directory

Windows cannot delete object  because:

The specified directory service attribute or value does not exist.

Or, in ADSIEdit, you may see a leaf object with no data in the Class column. If you attempt to delete the object, you receive the following error message:

adsiedit

The specified directory service attribute or value does not exist.

Or, in the Active Directory Administration Tool (Ldp.exe), you may be able to view the object itself, but you cannot see the attributes of that object. If you attempt to delete the object, you receive the following error message:

Error: Delete: Not allowed on Non-leaf. <66>



CAUSE
This behavior occurs if the account that you are logged on with has only "list contents" permissions on the parent object. In this scenario, you cannot read any attributes of the object, even though you can see the object. This prevents Windows from providing information about the object that is based on the objectClass attribute, such as the icon attribute. You also do not have permissions to perform any operations on the object, such as a Delete command, that require access to the objectGUID.



RESOLUTION
If you are a member of the local Administrators group on the domain controller, you can take ownership of the object and then grant yourself whatever access rights you require. To do this, follow these steps:
 * 1) Open the Active Directory Users and Computers snap-in.
 * 2) Navigate to the container in which the object resides.
 * 3) Right-click the object, and then click Properties.
 * 4) Click the Security tab.
 * 5) Click the Advanced button.
 * 6) Click the Owner tab.
 * 7) In the Change Owner to dialog box, select the Administrators group or the administrator account that you are currently logged on with, and then click OK.
 * 8) In the Security dialog box, assign Full Control permissions to the administrator account.
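
The following added example (not part of the original article and not Microsoft code) is a simplified model of the access evaluation described under CAUSE and RESOLUTION: it shows why "list contents" on the parent makes the object visible but unreadable, and why taking ownership lets you then grant yourself Full Control. The account and object names are constructed, only allow ACEs are modeled, and it assumes the administrator holds SeTakeOwnershipPrivilege, which the Administrators group has by default.

```python
# Simplified model of the checks behind this article; not Windows' real AccessCheck.
# Mask values are the documented ADS_RIGHTS_ENUM / standard access-right bits.
DELETE_CHILD  = 0x00000002   # ADS_RIGHT_DS_DELETE_CHILD (checked on the parent)
LIST_CONTENTS = 0x00000004   # ADS_RIGHT_ACTRL_DS_LIST ("list contents")
READ_PROP     = 0x00000010   # ADS_RIGHT_DS_READ_PROP (needed to read objectClass)
DELETE        = 0x00010000
READ_CONTROL  = 0x00020000
WRITE_DAC     = 0x00040000
WRITE_OWNER   = 0x00080000
FULL_CONTROL  = 0x000F01FF   # "Full Control" on a directory object

class DsObject:
    def __init__(self, name, owner, dacl=None):
        self.name, self.owner = name, owner
        self.dacl = dict(dacl or {})   # trustee -> allowed mask (allow ACEs only)

def granted(obj, user):
    mask = obj.dacl.get(user, 0)
    if user == obj.owner:
        mask |= READ_CONTROL | WRITE_DAC   # rights the owner holds implicitly
    return mask

def state(parent, obj, user):
    """Return (object is listed, objectClass is readable, object can be deleted)."""
    on_parent, on_obj = granted(parent, user), granted(obj, user)
    return (bool(on_parent & LIST_CONTENTS),
            bool(on_obj & READ_PROP),
            bool(on_obj & DELETE or on_parent & DELETE_CHILD))

def take_ownership(obj, user, privileges):
    if not (granted(obj, user) & WRITE_OWNER or "SeTakeOwnershipPrivilege" in privileges):
        raise PermissionError("WRITE_OWNER or SeTakeOwnershipPrivilege required")
    obj.owner = user

def grant(obj, actor, trustee, mask):
    if not granted(obj, actor) & WRITE_DAC:
        raise PermissionError("WRITE_DAC required to change the DACL")
    obj.dacl[trustee] = obj.dacl.get(trustee, 0) | mask

def demo():
    admin = "EXAMPLE\\admin"                       # constructed account name
    parent = DsObject("OU=Example", "EXAMPLE\\other", {admin: LIST_CONTENTS})
    child = DsObject("CN=Unknown", "EXAMPLE\\other")   # no ACE for admin
    before = state(parent, child, admin)           # the SYMPTOMS state
    take_ownership(child, admin, {"SeTakeOwnershipPrivilege"})   # steps 5 to 7
    grant(child, admin, admin, FULL_CONTROL)                     # step 8
    return before, state(parent, child, admin)

if __name__ == "__main__":
    print(demo())
```
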



STATUS
This behavior is by design.

Keywords: kberrmsg kbenv kbprb KB305104


© Microsoft Corporation. All rights reserved.