You Cannot Delete an Active Directory Object of Unknown Type

Active Directory is considered as the heart of an Organization; therefore, managing Active Directory objects with advance care is must. To help the administrators effectively and flawlessly manage Active Directory objects, Microsoft has provided various Microsoft Management Console snap ins, such as Active Directory Domains and Trusts, Active Directory Users and Computers, and Active Directory Sites and Services. Sometimes, you may see a default Windows like icon of unknown type in this MMC snap ins. In case, you try to delete this object, Windows denies to delete the object rather throws the following error message:

The specified issue occurs due to lack of required permissions. You can view the object because you have "''list content"'' permission but do not have rights to delete the object.

In order to resolve the specified issue, you must have required permissions. And for that you have to take ownership of the object. After taking ownership of the object, you can grant yourself required privileges to perform specific operations on that object. Execute the following steps to take ownership and grant permissions on the object:

1. Click Start > Control Panel.

2. Double click the Administrative Tools icon.

3. Open Active Directory Users and Computers snap ins and access the container in which the object whose ownership you want to take is available.

4. Right click the object and select the Properties option.

5. Select the Security tab and then the Advanced button.

6. Select the Owner tab. The "''Change Owner to"'' dialog box appears.

7. Select the Administrators group or the administrator account with which you are currently logged on.

9. Assign Full Control permission to the Administrator group or the administrator account.

Now, you can delete the object from MMC snap ins. Instead of executing such a long and time consuming process to perform a small operation, you can also take advantage of Active Directory Management utilities. The depicted process can help the administrator to resolve the issue on a single computer but what if the issue occurs on multiple computers with in a network. What the administrator will do in that situation? Obviously, he needs to visit every computer having such issue. Personally, visiting every computer and executing such a long process is very tiresome and time consuming.

The administrator should take advantage of the third party Active Directory management tools that provide a central location to resolve such issues on computers in a domain.