When a user with delegated access attempts to delete a computer object from the Active Roles MMC, or Active Roles Web Interface, the following error is encountered:
The selected object cannot be deleted since it contains other objects. This restriction is due to an ActiveRoles Server policy that prevents a container of a certain type from being deleted if the container holds any objects. To delete the object you have selected, you must first delete all objects it contains.
"Administration Service encountered an error when deleting the object 'CN=COMPUTERNAME,OU=COMPUTERS,DC=DOMAIN,DC=NAME'. The directory service can perform the requested operation only on a leaf object. (Exception from HRESULT: 0x80072015)"
Insufficient delegated access. Computer objects may have shared folders or printers associated with them. When this happens leaf objects are created within the Active Directory Computer object. Permissions to delete computer objects do not include permissions to delete enclosed leaf objects.
Note: In some cases the leaf object may not show up because of the Active Roles MMC console view settings. From the View menu select Computers as Containers.
Make a copy of the Delete - Computer access template and name it: Delete - Computer and Leaf Objects
OPTION 1: Assign full control to computer objects: