Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Disable multiple user accounts

Posted on 2010-09-10
7
Medium Priority
?
2,446 Views
Last Modified: 2012-05-10
I have a list of user accounts that I need to disable. These accounts are in different OUs and they are not all-inclusive of the accounts in those OUs (I need to disable some of the accounts, but not others). Is there a quick and easy way to disable all these accounts without having to find each one from the list of all accounts? Thanks in advance
0
Comment
Question by:Lotocus
7 Comments
 
LVL 7

Expert Comment

by:grantsewell
ID: 33649634
What format is your list in? You could put together a fairly basic PowerShell script to do this for you.

I think the code would look something like this (untested):


function get-dn ($SAMName)
{
 	$root = [ADSI]''
 	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
	$user = $searcher.findall()

	if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
			write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
	  	return $user[0].path
      }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name
"'" + $path + "'"  

# Disable the account
$account=[ADSI]$path
$account.psbase.invokeset("AccountDisabled", "True")
$account.setinfo()

Open in new window

0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 33649715
This can be very simply done using dsquery. In the example the SAMID is their username. If the list you have is not their username please let us know what it is and we can assist more.

dsquery user -samid | dsmod user -disabled yes

0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 500 total points
ID: 33649750
Also a quick script to do this assuming you have a txt file with usernames on single lines.  I have attached a sample file.txt as well.

for /F "tokens=1" %%h IN (file.txt) Do dsquery user -samid "%%h" |dsmod user -disabled yes

Open in new window

file.txt
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 7

Expert Comment

by:grantsewell
ID: 33649782
Great point, xxdcmast. I've be PowerShell-ing too much lately, I had forgot about dsquery. It might be a little more efficient for a quick task, though PowerShell is the new 2008 baby.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 33649921
I think powershell is great and you can do alot with it but for quick easy stuff like this I like dsquery. But might as well do a little powershell excercise as well. So using the quest cmdlets
http://www.quest.com/activeroles-server/arms.aspx

The following command will do the same as above.

disable-qaduser {username}

and using the import-csv functionality

import-csv | foreach {disable-qaduser $_.username}

Where the CSV file has the column headings in the first row, in this case the column im pulling is called username.
0
 

Author Closing Comment

by:Lotocus
ID: 33661220
Thanks for the help - this will save me hours of time now and in the future. I knew there had to be a quick way to do it - I just didn't know how. Thanks.
0
 

Expert Comment

by:armgtit
ID: 35992864
The accepted solution does not work for me in a 2008 R2 environment am I missing something?
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question