Solved

List Disabled Users via Powershell

Posted on 2010-08-25
6
1,404 Views
Last Modified: 2012-05-10
Hi there,

I would like to know how can I list all the disabled users via Powershell in Windows 2008 SP2.

Does anyone know a Cmdlet or a script for it??

Thanks.
0
Comment
Question by:ney_santos
6 Comments
 
LVL 4

Accepted Solution

by:
flexiwebsw earned 125 total points
Comment Utility
Try this code
 Save it to a file with the '.ps1' extention then run it with the arguments zshown below:

C:\Disabled.ps1 -domain mydomain -q

make sure your computer allows unsigned scripts to run

to enable this, run powershell as admin, then type in these commands:

Set-ExecutionPolicy

Then when it asks for the policy type in this one:

RemoteSigned

then press enter followeed by Y then enter

you should now be able to execute unsigned scripts, but if you use the pre-made one attached then you will have to right click on the download and select 'UnBlock'
param(
$domain=$env:userdomain,
[switch]$query,
[switch]$whatif,
[switch]$help,
[switch]$examples,
[switch]$min,
[switch]$full
) #end param
# Begin Functions
function funHelp()
{
$descriptionText= `
@"
NAME: LocateDisabledUsers.ps1 
DESCRIPTION:
Locates disabled users a local or remote domain by
supplying the netbios name of the domain. 
The script can query multiple domains by accepting 
more than one value for the -domain parameter. The 
script also supports using -whatif to prototype the 
command prior to execution
PARAMETERS: 
-domain the domain or domains to query for locked 
out users. Note: this is the netbios domain name.
Does not accept fully qualified domain name. For
example: nwtraders is correct, nwtraders.com is 
not.
-query executes the query
-whatif prototypes the command.
-help prints help description and parameters file
-examples prints only help examples of syntax
-full prints complete help information
-min prints minimal help. Modifies -help
"@ #end descriptionText
$examplesText= `
@"
SYNTAX:
LocateDisabledUsers.ps1
Displays an error missing parameter, and calls help
LocateDisabledUsers.ps1 -query
Queries disabled user accounts. The domain queried is
the local logged on users domain from the machine 
that launched the script 
LocateDisabledUsers.ps1 -domain nwtraders, contoso -query
Queries disabled user accounts in the nwtraders domain and
in the contoso domain. The script is executed locally 
LocateDisabledUsers.ps1 -query -domain nwtraders -whatif
Displays what if: Perform operation locate disabled 
users from the nwtraders domain.The query will execute 
from the localhost computer
LocateDisabledUsers.ps1 -help
Prints the help topic for the script
LocateDisabledUsers.ps1 -help -full
Prints full help topic for the script
LocateDisabledUsers.ps1 -help -examples
Prints only the examples for the script
LocateDisabledUsers.ps1 -examples
Prints only the examples for the script
"@ #end examplesText
$remarks = `
"
REMARKS
For more information, type: $($MyInvocation.ScriptName) -help -full
" #end remarks
if($examples) { $examplesText ; $remarks ; exit }
if($full) { $descriptionText; $examplesText ; exit } 
if($min) { $descriptionText ; exit }
$descriptionText; $remarks 
exit
} #end funHelp function
function funline (
$strIN,
$char = "=",
$sColor = "Yellow",
$uColor = "darkYellow",
[switch]$help
)
{
if($help)
{
$local:helpText = `
@"
Funline accepts inputs: -strIN for input string and -char for seperator
-sColor for the string color, and -uColor for the underline color. Only 
the -strIn is required. The others have the following default values:
-char: =, -sColor: Yellow, -uColor: darkYellow
Example:
funline -strIN "Hello world"
funline -strIn "Morgen welt" -char "-" -sColor "blue" -uColor "yellow"
funline -help
"@
$local:helpText
break
} #end funline help
$strLine= $char * $strIn.length
Write-Host -ForegroundColor $sColor $strIN 
Write-Host -ForegroundColor $uColor $strLine
} #end funLine function
Function funWhatIf()
{
foreach($sDomain in $Domain)
{
"what if: Perform operation locate disabled users from the $sDomain domain"
}
exit
} #end funWhatIf
Function funQuery()
{
Foreach($sDomain in $domain)
{
$strOutput = Get-WmiObject -Class win32_useraccount -filter `
"domain = ""$sDomain"" AND disabled = 'true'"
$count = ($strOutput | Measure-Object).count
If($count -eq 0)
{ 
funline -scolor green -ucolor darkyellow -strIN `
"There are no disabled accounts in the $sDomain" 
} #end if
ELSE
{
funline -scolor red -ucolor darkyellow -strIN `
"$count disabled in the $sDomain domain -- List follows:" 
format-table -property name, sid -AutoSize -inputobject $strOutput
} #end else
} #end foreach
exit
} #end funquery
# Entry Point
if($help) { funhelp }
if($examples) { funhelp }
if($full) { funhelp }
if($whatif) { funWhatIf }
if(!$query) { "missing parameter" ; funhelp }
if($query) { funQuery }

Open in new window

0
 
LVL 13

Expert Comment

by:soostibi
Comment Utility
If you use and import the ActiveDirectory module of R2 then:

Search-ADAccount -AccountDisabled
0
 
LVL 13

Assisted Solution

by:soostibi
soostibi earned 125 total points
Comment Utility
Or, more precisely:

Search-ADAccount -AccountDisabled -usersonly
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
The Quest AD cmdlets can also help  http://www.quest.com/powershell/activeroles-server.aspx
Get-QADUser -SL 0 -disabled | FT displayname,sammaccountname
Thanks
Mike
0
 

Author Comment

by:ney_santos
Comment Utility
Thanks flexiwebsw, your script is perfect.

Soostibi... How can I import the R2 module on Win 2k8 SP2? Can I download it and install?

Mkline71... I can't install anyother thirty party modules on this enviroment, but thanks anyway.
0
 
LVL 13

Expert Comment

by:soostibi
Comment Utility
You can add the AD DS Remote Server Administration Tools feature with Server Manager and then in the PowerShell window run:
 import-module activedirectory
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now