Failure to delete computer objects that have subobjects
OS:
Red Hat Enterprise Linux Server release 7.6 (Maipo)
Kernel:
3.10.0-957.10.1.el7.x86_64 # 1 SMP Thu Feb 7 07:12:53 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
adcli package:
adcli-0:0.8.1-6.el7_6.1.x86_64
The issue cropped up when we tried to delete a computer entry that was previously built as a Windows machine with BitLocker encryption. Seems like a child object is created to store metadata for BitLocker drive recovery. When removing the object from the Active Directory console a warning pops up about deleting child objects which we must confirm before the computer, and children, are deleted. Attempting adcli delete-computer
returns with the following error (replaced with placeholders for brevity):
adcli: deleting $hostname in $domain domain failed: Couldn't delete computer account: $distingushedName: 00002015: UpdErr: DSID-031A12A5, problem 6003 (CANT_ON_NON_LEAF), data 0