Active Directory has a special feature to protect against accidental deletion of directory objects (Organizational Units, users, groups, etc.). By default, the “Protect object from accidental deletion” option is enabled when creating new OUs.
If you try to remove a protected Active Directory object, an error appears:
Active Directory Domain Services
You do not have sufficient privileges to delete Users, or this object is protected from accidental deletion.
The remove protection flag is displayed on the Object tab in the OU properties in the Active Directory Users and Computers console (dsa.msc); do not forget to enable the View -> Advanced Features option first, otherwise the tab is hidden.
You can enable or disable this option from the ADUC console or using PowerShell.
For example, the following command will protect an AD user account from deletion:
Get-ADUser m.schmidt | Set-ADObject -ProtectedFromAccidentalDeletion $true
Such a command will enable the protection flag for the OU:
Get-ADObject -Identity 'OU=Admins,OU=BER,OU=DE,DC=contoso,DC=loc' | Set-ADObject -ProtectedFromAccidentalDeletion $true -Verbose
Often, administrators temporarily uncheck the removal protection option for certain OUs and forget to turn it back on. The following PowerShell script will find all OUs for which the ProtectedFromAccidentalDeletion option is disabled:
Import-Module ActiveDirectory
# Find all OUs in the domain whose deletion protection flag is off
$unprotectedOUs = Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion -SearchScope Subtree | Where-Object {$_.ProtectedFromAccidentalDeletion -eq $False}
# List OUs for which deletion protection is disabled:
$unprotectedOUs | Select-Object DistinguishedName, ProtectedFromAccidentalDeletion, Name
# If you need to enable the ProtectedFromAccidentalDeletion option for the found containers, run the command:
#$unprotectedOUs | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $True
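As an added example (not from the original article), the audit above can be extended to verify the ACL that the flag is actually built from: setting ProtectedFromAccidentalDeletion adds a Deny ACE for Everyone on the Delete and DeleteTree rights, so an object whose flag reads True but whose ACL lacks that ACE is not really protected. The function name Get-OUDeletionProtectionReport is invented for this example; it assumes the ActiveDirectory module and the AD: PSDrive it provides.

```powershell
# Added example: report OUs whose deletion protection flag is off, or whose ACL
# no longer carries the Deny ACE the flag is supposed to correspond to.
# Assumes the RSAT ActiveDirectory module (provides Get-Acl on the AD: drive).
Import-Module ActiveDirectory

function Get-OUDeletionProtectionReport {
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    $everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'   # well-known SID: Everyone
    $rights   = [System.DirectoryServices.ActiveDirectoryRights]
    Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase -SearchScope Subtree `
        -Properties ProtectedFromAccidentalDeletion | ForEach-Object {
        $acl = Get-Acl -Path ("AD:\" + $_.DistinguishedName)
        # The protection flag is implemented as: Deny Everyone -> Delete + DeleteTree
        $denyAce = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $everyone -and
            $_.ActiveDirectoryRights.HasFlag($rights::Delete) -and
            $_.ActiveDirectoryRights.HasFlag($rights::DeleteTree)
        }
        [pscustomobject]@{
            DistinguishedName = $_.DistinguishedName
            FlagSet           = [bool]$_.ProtectedFromAccidentalDeletion
            DenyAcePresent    = [bool]$denyAce
        }
    }
}

# Show OUs that are unprotected, or where the flag and the ACL disagree
$report = Get-OUDeletionProtectionReport
$report | Where-Object { -not $_.FlagSet -or ($_.FlagSet -ne $_.DenyAcePresent) } |
    Format-Table -AutoSize

# Re-enable protection on every unprotected OU; drop -WhatIf to actually apply it
$report | Where-Object { -not $_.FlagSet } | ForEach-Object {
    Set-ADOrganizationalUnit -Identity $_.DistinguishedName -ProtectedFromAccidentalDeletion $true -WhatIf
}
```

Run it as a user with read access to the OU security descriptors; re-applying the flag with Set-ADOrganizationalUnit restores the Deny ACE on OUs where it was removed by hand.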