I have one particular AD user, nothing really special about them that I'm aware of, that I'm unable to delete. The error is the "You do not have sufficient privileges to delete..." with the CN data which oddly has something about iPad App and ExchangeActiveSyncDevices in it and then "...or this object is protected from accidental deletion."
The accidental deletion protection option is off. I can't delete it from an account escalated to administrator nor from a full administrator login. This is not the only person with an iPad that has synced to our Exchange server. Is that a real clue or is it a misleading error? What else could be blocking deletion?
In AD Users and Computers, in the View menu, select the
Users, Contacts, Groups and Computers as Containersoption.Find your user object there, and you'll probably see some sub-objects beneath the user object, such as certificates or similar things. To delete the user, right-click on the "folder" for the user object, and select Delete.
You will then probably get a prompt titled Confirm Subtree Deletion that explains the user object contains other objects (i.e. the certs or whatever). Just click OK to confirm deletion.
In Powershell, it's:
Got it finally! Had to go into ADSI Edit, find the user, go to the Exchange folder under her CN there. Open that up and take ownership (it was assigned to some random string instead of a real user). Once doing that I was able to give myself full security control on those objects that no one had control over before (including SELF). Finally once THAT was complete I could delete her account the normal way.