How to list all AD users and display account status Enabled / Disable on 1 list?

Posted on 2008-11-03
Last Modified: 2012-06-21
Our auditors are asking for a list of AD users listed on a single printout along with their current account status - Enabled or Disable.  We have our current users created in their respective dept OU's.  How can I get all of them on one listing?
Question by:helpdesk_wlk
    LVL 70

    Expert Comment

    LVL 3

    Expert Comment

    Load Powershell, Then get and install Quest's ActiveRoles for Management Shell For Active Directory.
    Then run Powershell and type the following command.

    #For a list of enabled users
    get-qaduser -Sizelimit 0 -Enabled

    #For a list of Disabled Users
    get-qaduser -Sizelimit 0 -Disabled
    LVL 3

    Expert Comment

    You may also export this to a csv using:

    get-qaduser -Sizelimit 0 -Enabled | Export-Csv -path mycsv.csv

    LVL 35

    Accepted Solution

    Use the following at a command prompt.
    dsquery user -samid * | dsget user -samid -ln -fn -disabled

    The -disabled command displays the status of the accounts. A value yes returned establishes that the account is disabled (for logon); a value of no establishes that the account is enabled (for logon)

    You can then pipe this to anything.txt

    Author Closing Comment

    Who whoooo!  That's what I'm talkin about...   Fast, easy, no cost and I got the report to the auditors on time!  You are da man!
    LVL 35

    Expert Comment

    by:Joseph Daly
    one other thing you may need to do is add the -limit 0 switch if you have more than 100 users.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now