SYMPTOMS
Deleting a leaf object in Active Directory results in an ‘Insufficient Rights’ error.
CAUSE
When deleting an object from the directory, LDAP Administrator sends an LDAP Delete request to the directory server and attaches the Tree Delete control if the server supports it. The request fails with an ‘Insufficient Rights’ error if the user doesn’t have the ‘Delete Subtree’ permission on the object being deleted.
WORKAROUND
Force LDAP Administrator not to use the Tree Delete control:
- Right-click on the appropriate profile node in the tree and select ‘Properties’ in the popup menu
- In the dialog that opens, select the LDAP Settings page and click the Advanced button
- In the dialog that appears, select the Miscellaneous page and check the ‘Never use Tree Delete control’ item in the ‘Advanced options’ list.
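
The difference between the two requests described under CAUSE, shown at the wire level. This is an added example, not LDAP Administrator's code: it encodes an RFC 4511 Delete request with and without the Tree Delete control (OID 1.2.840.113556.1.4.805) and parses a message back to list its controls, which is how to confirm from a capture or server log that the workaround took effect. The DN and message ID are constructed, and marking the control critical is an assumption.

```python
TREE_DELETE_OID = "1.2.840.113556.1.4.805"  # LDAP_SERVER_TREE_DELETE_OID

def tlv(tag, value):
    """BER tag-length-value, definite length only (RFC 4511 section 5.1)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def delete_request(msg_id, dn, tree_delete, critical=True):
    """Encode an LDAPMessage carrying a DelRequest, optionally with Tree Delete."""
    body = tlv(0x02, msg_id.to_bytes((msg_id.bit_length() + 8) // 8, "big"))
    body += tlv(0x4A, dn.encode("utf-8"))  # DelRequest ::= [APPLICATION 10] LDAPDN
    if tree_delete:
        control = tlv(0x04, TREE_DELETE_OID.encode("ascii"))  # controlType, no value
        if critical:  # assumption: the client marks the control critical
            control += tlv(0x01, b"\xff")
        body += tlv(0xA0, tlv(0x30, control))  # controls [0] SEQUENCE OF Control
    return tlv(0x30, body)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def inspect(message):
    """Return (protocolOp tag, [control OIDs]) for one encoded LDAPMessage."""
    _, body, _ = read_tlv(message)
    _, _, pos = read_tlv(body)  # skip messageID
    op_tag, _, pos = read_tlv(body, pos)
    oids = []
    if pos < len(body) and body[pos] == 0xA0:
        _, controls, _ = read_tlv(body, pos)
        cpos = 0
        while cpos < len(controls):
            _, ctl, cpos = read_tlv(controls, cpos)
            oids.append(read_tlv(ctl)[1].decode("ascii"))
    return op_tag, oids

if __name__ == "__main__":
    dn = "CN=Test User,OU=Staff,DC=example,DC=com"  # constructed sample DN
    for flag in (True, False):
        msg = delete_request(2, dn, tree_delete=flag)
        print(flag, msg.hex(), inspect(msg))
```

With ‘Never use Tree Delete control’ checked, the request should look like the second form: protocolOp tag 0x4A and an empty control list.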