You want to delete all the objects in an OU, but not the OU itself.
126.96.36.199 Using a graphical user interface
188.8.131.52 Using a command-line interface
To delete all objects within an OU, but not the OU itself, you need to use the -subtree and -exclude options with the dsrm command.
> dsrm "<OrgUnitDN>" -subtree -exclude
184.108.40.206 Using VBScript
' This code deletes the objects in an OU, but not the OU itself set objOU = GetObject("LDAP://<OrgUnitDN>") for each objChildObject in objOU Wscript.Echo "Deleting " & objChildObject.Name objChildObject.DeleteObject(0) next
If you want to delete the objects in an OU and recreate the OU, you can either delete the OU itself, which will delete all child objects, or you could just delete the child objects. The benefits to the later approach is that you do not need to reconfigure the ACL on the OU or relink GPOs.
5.4.4 See Also
Recipe 5.3 for enumerating objects in an OU, Recipe 5.5 for deleting an OU, and MSDN: IADsDeleteOps::DeleteObject