Link to home
Start Free TrialLog in
Avatar of Lotocus
Lotocus

asked on

Disable multiple user accounts

I have a list of user accounts that I need to disable. These accounts are in different OUs and they are not all-inclusive of the accounts in those OUs (I need to disable some of the accounts, but not others). Is there a quick and easy way to disable all these accounts without having to find each one from the list of all accounts? Thanks in advance
Avatar of grantsewell
grantsewell
Flag of United States of America image

What format is your list in? You could put together a fairly basic PowerShell script to do this for you.

I think the code would look something like this (untested):


function get-dn ($SAMName)
{
 	$root = [ADSI]''
 	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
	$user = $searcher.findall()

	if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
			write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
	  	return $user[0].path
      }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name
"'" + $path + "'"  

# Disable the account
$account=[ADSI]$path
$account.psbase.invokeset("AccountDisabled", "True")
$account.setinfo()

Open in new window

Avatar of Joseph Daly
This can be very simply done using dsquery. In the example the SAMID is their username. If the list you have is not their username please let us know what it is and we can assist more.

dsquery user -samid | dsmod user -disabled yes

ASKER CERTIFIED SOLUTION
Avatar of Joseph Daly
Joseph Daly
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Great point, xxdcmast. I've be PowerShell-ing too much lately, I had forgot about dsquery. It might be a little more efficient for a quick task, though PowerShell is the new 2008 baby.
I think powershell is great and you can do alot with it but for quick easy stuff like this I like dsquery. But might as well do a little powershell excercise as well. So using the quest cmdlets
http://www.quest.com/activeroles-server/arms.aspx

The following command will do the same as above.

disable-qaduser {username}

and using the import-csv functionality

import-csv | foreach {disable-qaduser $_.username}

Where the CSV file has the column headings in the first row, in this case the column im pulling is called username.
Avatar of Lotocus
Lotocus

ASKER

Thanks for the help - this will save me hours of time now and in the future. I knew there had to be a quick way to do it - I just didn't know how. Thanks.
The accepted solution does not work for me in a 2008 R2 environment am I missing something?