Powershell command to list disabled AD Users:
Search-ADAccount –AccountDisabled -UsersOnly
Search-ADAccount cmdlet lists both users and computers, we need to pass the parameter -UsersOnly to list only users.
Summary
- Find and List All Disabled AD Users
- Find Disabled AD Users from specific OU
- Export Disabled AD Users to CSV file
- Enable All Disabled AD Users
Find and List All Disabled AD Users
The following command find all the disabled AD users by passing the parameter AccountDisabled into Powershell cmdlet Search-ADAccount and list the selected properties of all disabled Active Directory users.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName
Find Disabled AD Users from specific OU using Powershell
We can set target OU scope by using the parameter SearchBase in Search-ADAccount cmdlet. This following command select and list all the disabled AD users from the Organization Unit ‘TestOU‘.
Import-Module ActiveDirectory Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName
Export Disabled AD Users to CSV using Powershell
We can export powershell output into CSV file using Export-CSV cmdlet. The following command export selected properties of all disabled Active Directory users to CSV file.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName | Export-CSV "C:\DisabledADUsers.csv" -NoTypeInformation -Encoding UTF8
CSV Output of Disabled AD User Accounts:
Enable All Disabled AD Users using Powershell
You can enabled the disbaled Active Directory user account by using Powershell cmdlet Enable-ADAccount. The following command find all the disabled AD user accounts using Search-ADAccount cmdlet with AccountDisabled parameter and enable all the disabled user accounts by using Enable-ADAccount cmdlet.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Enable-ADAccount
Use the below command, if you want to enable users only from specific OU.
Import-Module ActiveDirectory Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly | Enable-ADAccount
Way cool! Some extremely valid points! I appreciate you penning this article plus the
rrst of the site is verty good.
Very rapidly this web site will be famous among alll blog viewers, due tto it's good articles or reviews
Keep on working, great job!
Great site you've got here.. It's hard to find high quality writing like
yours these days. I hhonestly apprecioate people like you!
Take care!!