How to delete a user in AD if you do not have sufficient privileges

This article shows how to delete a user in Active Directory when Active Directory Users and Computers refuses with a "not sufficient privileges" error. You can get this error even as a Domain Admin. Note that the same message is shown when "Protect object from accidental deletion" is set on the account, so check that box on the Object tab first; the steps below are for the case where the flag is clear and deletion still fails.

In that case the user object is not a leaf: Exchange has created an Exchange ActiveSync device object (or several) underneath it, and your account does not have permission to delete those child objects. Active Directory will not delete a container while it still has children, so you have to remove the phone objects before the user account can be deleted. If the mailbox still exists, removing the partnership from the Exchange Management Shell (Remove-MobileDevice, or Remove-ActiveSyncDevice on Exchange 2010) is the cleaner route; what follows is the directory-level cleanup for when that is not possible.

To do this:

  • Log in to a Domain Controller
  • Open adsiedit.msc and connect to the Default naming context
  • Navigate to the OU where the user is located and select the user
  • Expand the user and select CN=ExchangeActiveSyncDevices
  • The right-hand pane now lists one object per phone that has synced with the mailbox

Select each phone object and delete it. If the delete fails with an access-denied error, take ownership of the object first: the device objects are created by Exchange rather than by you, so their ACL may not grant your account Delete, but the owner of an object can always rewrite its permissions. To do so:

  • Right-click the phone object and select Properties
  • Select the Security tab
  • Click Advanced and change the owner to your account
  • Apply the change. Now that you are the owner you can delete the phone object

Repeat this for every object under the user account, including the CN=ExchangeActiveSyncDevices container itself once it is empty. When the user has no child objects left, go back to Active Directory Users and Computers and delete the account.
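The same procedure as a script, for an elevated PowerShell session on a Domain Controller. This is an added example and is not part of the original article; it assumes the RSAT ActiveDirectory module is installed, that the session runs as a Domain Admin, and uses the sAMAccountName jdoe as a placeholder for the account being deleted. The helper Grant-SelfDeleteRight is defined here and is the equivalent of the ADSI Edit "Change owner" step.

```powershell
# Added example, not from the original article: delete the Exchange ActiveSync
# device objects stored under a user, then the user itself, taking ownership of
# any child object the current account is not allowed to delete.
# Assumptions: the ActiveDirectory module (RSAT) is available, the session runs
# as a Domain Admin, and 'jdoe' is a placeholder for the real sAMAccountName.
Import-Module ActiveDirectory

$SamAccountName = 'jdoe'   # placeholder; replace with the account to delete

# Identity written into the owner field: the account running this script
$Me = [System.Security.Principal.NTAccount]::new($env:USERDOMAIN, $env:USERNAME)

$user   = Get-ADUser -Identity $SamAccountName -Properties ProtectedFromAccidentalDeletion
$userDn = $user.DistinguishedName

# Everything beneath the user: CN=ExchangeActiveSyncDevices plus one object per
# synced device. A Subtree search also returns the user itself, so drop it, then
# sort deepest DN first so devices are removed before their container.
$children = Get-ADObject -SearchBase $userDn -SearchScope Subtree -Filter * `
                -Properties ProtectedFromAccidentalDeletion |
    Where-Object { $_.DistinguishedName -ne $userDn } |
    Sort-Object -Property { ($_.DistinguishedName -split '(?<!\\),').Count } -Descending

function Grant-SelfDeleteRight {
    param([string]$Dn)
    # Equivalent of ADSI Edit > Properties > Security > Advanced > Change owner.
    # The owner implicitly holds WRITE_DAC, so after SetOwner we can add an
    # explicit Delete/DeleteTree ACE for ourselves whatever the existing ACL says.
    $acl = Get-Acl -Path "AD:\$Dn"
    $acl.SetOwner($Me)
    Set-Acl -Path "AD:\$Dn" -AclObject $acl

    $acl  = Get-Acl -Path "AD:\$Dn"
    $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $Me,
        ([System.DirectoryServices.ActiveDirectoryRights]::Delete -bor
         [System.DirectoryServices.ActiveDirectoryRights]::DeleteTree),
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$Dn" -AclObject $acl
}

foreach ($obj in $children) {
    $dn = $obj.DistinguishedName
    if ($obj.ProtectedFromAccidentalDeletion) {
        Set-ADObject -Identity $dn -ProtectedFromAccidentalDeletion $false
    }
    try {
        Remove-ADObject -Identity $dn -Confirm:$false -ErrorAction Stop
        Write-Host "Deleted $dn"
    }
    catch {
        Write-Warning "Delete of $dn failed ($($_.Exception.Message)); taking ownership and retrying"
        Grant-SelfDeleteRight -Dn $dn
        Remove-ADObject -Identity $dn -Confirm:$false -ErrorAction Stop
        Write-Host "Deleted $dn after taking ownership"
    }
}

# With no children left the user is a leaf object again. Clear the accidental-
# deletion flag as well, since it produces the same 'insufficient privileges'
# message in Active Directory Users and Computers.
if ($user.ProtectedFromAccidentalDeletion) {
    Set-ADObject -Identity $userDn -ProtectedFromAccidentalDeletion $false
}
Remove-ADUser -Identity $userDn -Confirm:$false
Write-Host "Deleted user $userDn"
```

Taking ownership rewrites the object's security descriptor, so the script only does it for objects whose deletion actually failed; objects you already have rights on are removed untouched. Because it also clears ProtectedFromAccidentalDeletion, run it only against an account you have confirmed should be deleted.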