Windows Server 2008 Active Directory introduced a setting called Protect object from accidental deletion on all directory objects: This was implemented to avoid accidentally deleting objects from the directory. OUs have this setting set by default. But what does it actually do? When this setting is set a Deny access control entry (ACE) is added …