The below powershell lists all the disabled AD users:
Search-ADAccount –AccountDisabled -UsersOnly
Search-ADAccount cmdlet lists both users and computers, we need to pass the parameter -UsersOnly to list only users.
Find and List all Disabled AD Users
The following command find the disbled ad users by passing the parameter AccountDisabled into Powershell cmdlet Search-ADAccount and list the selected properties of all disabled Active Directory users.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName
Find Disabled AD Users from specific OU:
We can set target OU scope by using the parameter SearchBase in Search-ADAccount cmdlet. This following command select and list all disabled Active Directory users from the Organization Unit ‘TestOU‘.
Import-Module ActiveDirectory Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName
Export Disabled AD Users to CSV using Powershell
We can export powershell output into CSV file using Export-CSV cmdlet. The following command export selected properties of all disabled Active Directory users to CSV file.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName | Export-CSV "C:\DisabledADUsers.csv" -NoTypeInformation -Encoding UTF8
CSV Output of Disabled AD User Accounts:
