delete_sub_tree

Use the delete_sub_tree command to delete an object and all of its child objects from Active Directory. Only child objects that are in the same container as the specified parent object are deleted. Child objects in other containers are not deleted.

WARNING: This is a very powerful command, and can cause a lot of damage if used incorrectly. It’s similar to running rm -rf * in UNIX.

In interactive mode, ADEdit prompts you for confirmation before executing this command. If you use this command in a script, ADEdit does not prompt for confirmation. You should use caution before using this command in a script.

This command can be used on any Active Directory object, including a container, OU, computer object, group or user. However, it is especially useful for deleting a corrupted zone. You’d normally use select_zone and then delete_zone to delete a zone. If the zone is damaged, though, select_zone might not work. In that case, delete_sub_tree will do the job.

If the zone is a hierarchical zone, this command deletes only the child zones in the same container as the parent zone. If there are any child zones in other containers, they are not deleted.

Zone type

Classic and hierarchical

Syntax

delete_sub_tree dn

Abbreviation

None.

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description

dn

DN

Required. Specifies the distinguished name of the object (with all of its children) to remove from Active Directory.

Return value

This command returns nothing if it runs successfully.

Examples

delete_sub_tree “CN=marketing,CN=Zones,CN=Centrify,DC=acme,DC=com”

This example deletes the currently selected “marketing” zone with all of its children from Active Directory.

Related commands

The following commands enable you to view and manage the Active Directory object to work with:

  • delete_object deletes the selected Active Directory object from Active Directory and from memory.
  • get_objects performs an LDAP search of Active Directory and returns a Tcl list of the distinguished names of matching objects.
  • new_object creates a new Active Directory object and stores it in memory.
  • save_object saves the selected Active Directory object with its current settings to Active Directory.
  • select_object retrieves an object with its attributes from Active Directory and stores it in memory.

The following commands enable you to view and manage Active Directory object attributes:

  • add_object_value adds a value to a multi-valued field attribute of the currently selected Active Directory object.
  • get_object_field reads a field value from the currently selected Active Directory object.
  • remove_object_value removes a value from a multi-valued field attribute of the currently selected Active Directory object.
  • set_object_field sets a field (attribute) value in the currently selected Active Directory object.