Learn about Windows PowerShell
Summary: Easily find disabled user accounts in Active Directory Domain Services (AD DS) by using Windows PowerShell.
How can I easily use Windows PowerShell to find disabled user accounts?
Use the Search-ADAccount cmdlet from the Active Directory module in the RSAT tools, and specify the AccountDisabled and UsersOnly switches:
Search-ADAccount -AccountDisabled -UsersOnly
You can also use this command:
Get-ADUser -Filter 'Enabled -eq $false'
The main difference is that Get-ADUser returns ADUser objects (and you can specify which properties to fetch via the -Properties parameter), whereas Search-ADAccount returns ADAccount objects with a fixed set of properties (AccountExpirationDate, DistinguishedName, Enabled, LastLogonDate, LockedOut, Name, ObjectClass, ObjectGUID, PasswordExpired, PasswordNeverExpires, SamAccountName, SID, and UserPrincipalName).
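The following is an added example, not code from the original post or its comments: it uses the extra properties that Get-ADUser can fetch via -Properties to flag disabled accounts that still hold group memberships. The function name ConvertTo-DisabledUserReport, the 90-day threshold, and the sample objects are assumptions made for illustration.

```powershell
# Added example: summarize disabled user accounts for a cleanup review.
# ConvertTo-DisabledUserReport is a hypothetical helper, not part of the AD module.
function ConvertTo-DisabledUserReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [int]$StaleDays = 90   # assumed threshold; adjust to local policy
    )
    begin { $cutoff = (Get-Date).AddDays(-$StaleDays) }
    process {
        if ($User.Enabled) { return }   # report disabled accounts only
        # Drop nulls so an account with no memberships counts as 0, not 1.
        $groups = @($User.MemberOf | Where-Object { $_ })
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            LastLogonDate  = $User.LastLogonDate
            WhenChanged    = $User.whenChanged
            GroupCount     = $groups.Count
            # Memberships survive disabling and apply again if the account is re-enabled.
            StillInGroups  = $groups.Count -gt 0
            # whenChanged is the object's last modification time, used here only
            # as an approximation of how long the account has been left untouched.
            Stale          = ($null -ne $User.whenChanged) -and ($User.whenChanged -lt $cutoff)
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output, so this runs without a domain.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe'; Enabled = $false
        LastLogonDate = $now.AddDays(-200); whenChanged = $now.AddDays(-180)
        MemberOf = @('CN=Helpdesk,OU=Groups,DC=example,DC=com') }
    [pscustomobject]@{ SamAccountName = 'asmith'; Enabled = $false
        LastLogonDate = $now.AddDays(-20); whenChanged = $now.AddDays(-10)
        MemberOf = @() }
    [pscustomobject]@{ SamAccountName = 'bjones'; Enabled = $true
        LastLogonDate = $now.AddDays(-1); whenChanged = $now.AddDays(-1)
        MemberOf = @('CN=Staff,OU=Groups,DC=example,DC=com') }
)
$sample | ConvertTo-DisabledUserReport |
    Sort-Object -Property StillInGroups -Descending | Format-Table -AutoSize

# Against a real domain (requires the Active Directory module from RSAT):
# Get-ADUser -Filter 'Enabled -eq $false' -Properties LastLogonDate, whenChanged, MemberOf |
#     ConvertTo-DisabledUserReport
```

MemberOf does not include the primary group (normally Domain Users), so a GroupCount of 0 means no additional memberships.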
Free Active Directory reporting available here: http://adsysnet.com/
Some low-cost AD management tools are available for finding inactive/disabled users in AD.
Very useful, thanks for sharing this PowerShell to find unused computer accounts in Active Directory. I found an efficient application (http://www.lepide.com/active-directory-cleaner/). This utility helps to find stale or inactive computer accounts that have not logged on for 90 days. It generates reports based on inactive or old computer accounts and never-logged-on users' account details in HTML, CSV and PDF format. It helps to manage inactive accounts and move them to another OU.