Thursday, 22 January 2015

Find Disabled AD User Accounts using Powershell

We can find and list disabled Active Directory users using powershell cmdlet Search-ADAccount with the AccountDisabled parameter. In this article, I am going to write powershell script samples to list all the disabled AD users, export disabled AD users to CSV file, and enable all the disabled AD users.

Powershell command to list disabled AD Users:
Search-ADAccount –AccountDisabled -UsersOnly
Search-ADAccount cmdlet lists both users and computers, we need to pass the parameter -UsersOnly to list only users.

Summary:


Find and List All Disabled AD Users

The following command find all the disabled AD users by passing the parameter AccountDisabled into Powershell cmdlet Search-ADAccount and list the selected properties of all disabled Active Directory users.
Import-Module ActiveDirectory
Search-ADAccount –AccountDisabled -UsersOnly |
 Select -Property Name,DistinguishedName
Find Disabled AD Users using Powershell

Find Disabled AD Users from specific OU using Powershell

We can set target OU scope by using the parameter SearchBase in Search-ADAccount cmdlet. This following command select and list all the disabled AD users from the Organization Unit 'TestOU'.
Import-Module ActiveDirectory
Search-ADAccount  -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly |
 Select -Property Name,DistinguishedName

Export Disabled AD Users to CSV using Powershell

We can export powershell output into CSV file using Export-CSV cmdlet. The following command export selected properties of all disabled Active Directory users to CSV file.
Import-Module ActiveDirectory
Search-ADAccount –AccountDisabled -UsersOnly |
 Select -Property Name,DistinguishedName |
 Export-CSV "C:\\DisabledADUsers.csv" -NoTypeInformation -Encoding UTF8
Find Disabled Active Directory Users using Powershell

CSV Output of Disabled AD User Accounts:

Find Disabled AD Users using Powershell

Enable All Disabled AD Users using Powershell

You can enabled the disbaled Active Directory user account by using Powershell cmdlet Enable-ADAccount. The following command find all the disabled AD user accounts using Search-ADAccount cmdlet with AccountDisabled parameter and enable all the disabled user accounts by using Enable-ADAccount cmdlet.
Import-Module ActiveDirectory
Search-ADAccount –AccountDisabled -UsersOnly | Enable-ADAccount
Use the below command, if you want to enable users only from specific OU.
Import-Module ActiveDirectory
Search-ADAccount  -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly | 
   Enable-ADAccount

Advertisements
Advertisements

No comments:

Post a Comment