Solved

Disable multiple user accounts

Posted on 2010-09-10
7
2,378 Views
Last Modified: 2012-05-10
I have a list of user accounts that I need to disable. These accounts are in different OUs and they are not all-inclusive of the accounts in those OUs (I need to disable some of the accounts, but not others). Is there a quick and easy way to disable all these accounts without having to find each one from the list of all accounts? Thanks in advance
0
Comment
Question by:Lotocus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 7

Expert Comment

by:grantsewell
ID: 33649634
What format is your list in? You could put together a fairly basic PowerShell script to do this for you.

I think the code would look something like this (untested):


function get-dn ($SAMName)
{
 	$root = [ADSI]''
 	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
	$user = $searcher.findall()

	if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
			write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
	  	return $user[0].path
      }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name
"'" + $path + "'"  

# Disable the account
$account=[ADSI]$path
$account.psbase.invokeset("AccountDisabled", "True")
$account.setinfo()

Open in new window

0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 33649715
This can be very simply done using dsquery. In the example the SAMID is their username. If the list you have is not their username please let us know what it is and we can assist more.

dsquery user -samid | dsmod user -disabled yes

0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 125 total points
ID: 33649750
Also a quick script to do this assuming you have a txt file with usernames on single lines.  I have attached a sample file.txt as well.

for /F "tokens=1" %%h IN (file.txt) Do dsquery user -samid "%%h" |dsmod user -disabled yes

Open in new window

file.txt
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 7

Expert Comment

by:grantsewell
ID: 33649782
Great point, xxdcmast. I've be PowerShell-ing too much lately, I had forgot about dsquery. It might be a little more efficient for a quick task, though PowerShell is the new 2008 baby.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 33649921
I think powershell is great and you can do alot with it but for quick easy stuff like this I like dsquery. But might as well do a little powershell excercise as well. So using the quest cmdlets
http://www.quest.com/activeroles-server/arms.aspx

The following command will do the same as above.

disable-qaduser {username}

and using the import-csv functionality

import-csv | foreach {disable-qaduser $_.username}

Where the CSV file has the column headings in the first row, in this case the column im pulling is called username.
0
 

Author Closing Comment

by:Lotocus
ID: 33661220
Thanks for the help - this will save me hours of time now and in the future. I knew there had to be a quick way to do it - I just didn't know how. Thanks.
0
 

Expert Comment

by:armgtit
ID: 35992864
The accepted solution does not work for me in a 2008 R2 environment am I missing something?
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question