Disable multiple user accounts

I have a list of user accounts that I need to disable. These accounts are in different OUs and they are not all-inclusive of the accounts in those OUs (I need to disable some of the accounts, but not others). Is there a quick and easy way to disable all these accounts without having to find each one from the list of all accounts? Thanks in advance
LotocusAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Joseph DalyConnect With a Mentor Commented:
Also a quick script to do this assuming you have a txt file with usernames on single lines.  I have attached a sample file.txt as well.

for /F "tokens=1" %%h IN (file.txt) Do dsquery user -samid "%%h" |dsmod user -disabled yes

Open in new window

file.txt
0
 
grantsewellCommented:
What format is your list in? You could put together a fairly basic PowerShell script to do this for you.

I think the code would look something like this (untested):


function get-dn ($SAMName)
{
 	$root = [ADSI]''
 	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
	$user = $searcher.findall()

	if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
			write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
	  	return $user[0].path
      }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name
"'" + $path + "'"  

# Disable the account
$account=[ADSI]$path
$account.psbase.invokeset("AccountDisabled", "True")
$account.setinfo()

Open in new window

0
 
Joseph DalyCommented:
This can be very simply done using dsquery. In the example the SAMID is their username. If the list you have is not their username please let us know what it is and we can assist more.

dsquery user -samid | dsmod user -disabled yes

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
grantsewellCommented:
Great point, xxdcmast. I've be PowerShell-ing too much lately, I had forgot about dsquery. It might be a little more efficient for a quick task, though PowerShell is the new 2008 baby.
0
 
Joseph DalyCommented:
I think powershell is great and you can do alot with it but for quick easy stuff like this I like dsquery. But might as well do a little powershell excercise as well. So using the quest cmdlets
http://www.quest.com/activeroles-server/arms.aspx

The following command will do the same as above.

disable-qaduser {username}

and using the import-csv functionality

import-csv | foreach {disable-qaduser $_.username}

Where the CSV file has the column headings in the first row, in this case the column im pulling is called username.
0
 
LotocusAuthor Commented:
Thanks for the help - this will save me hours of time now and in the future. I knew there had to be a quick way to do it - I just didn't know how. Thanks.
0
 
armgtitCommented:
The accepted solution does not work for me in a 2008 R2 environment am I missing something?
0
All Courses

From novice to tech pro — start learning today.