PowerTip: Use PowerShell to Find Disabled User Accounts in AD DS

PowerTip: Use PowerShell to Find Disabled User Accounts in AD DS

  • Comments 3
  • Likes

Summary: Easily find disabled user accounts in Active Directory Domain Services (AD DS) by using Windows PowerShell.

Hey, Scripting Guy! Question How can I easily use Windows PowerShell to find disabled user accounts?

Hey, Scripting Guy! Answer Use the Search-ADAccount cmdlet from the Active Directory module in the RSAT tools, and specify the AccountDisabled and UsersOnly switches:

Search-ADAccount -AccountDisabled -UsersOnly

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • You can also use this command:

    Get-ADUser -Filter 'Enabled -eq $false'

    The main difference is that Get-ADUser returns ADUser objects (and you can specifiy which properties to fetch via the -Properties parameter), whereas Search-ADAccount returns ADAccount objects with a fixed set of properties (AccountExpirationDate, DistinguishedName, Enabled, LastLogonDate, LockedOut, Name, ObjectClass, ObjectGUID, PasswordExpired, PasswordNeverExpires, SamAccountName, SID, and UserPrincipalName.)

  • Free active directory reporting available here, http://adsysnet.com/

  • Some low cost ad management tools available for finding inactive/disabled users in ad.

    http://adsysnet.com/downloads.aspx