Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Disable multiple user accounts

Posted on 2010-09-10
7
Medium Priority
?
2,419 Views
Last Modified: 2012-05-10
I have a list of user accounts that I need to disable. These accounts are in different OUs and they are not all-inclusive of the accounts in those OUs (I need to disable some of the accounts, but not others). Is there a quick and easy way to disable all these accounts without having to find each one from the list of all accounts? Thanks in advance
0
Comment
Question by:Lotocus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 7

Expert Comment

by:grantsewell
ID: 33649634
What format is your list in? You could put together a fairly basic PowerShell script to do this for you.

I think the code would look something like this (untested):


function get-dn ($SAMName)
{
 	$root = [ADSI]''
 	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
	$user = $searcher.findall()

	if ($user.count -gt 1)
      {     
            $count = 0
            foreach($i in $user)
            { 
			write-host $count ": " $i.path 
                  $count = $count + 1
            }

            $selection = Read-Host "Please select item: "

return $user[$selection].path

      }
      else
      { 
	  	return $user[0].path
      }
}

$Name = $args[0]
$status = $args[1]
$path = get-dn $Name
"'" + $path + "'"  

# Disable the account
$account=[ADSI]$path
$account.psbase.invokeset("AccountDisabled", "True")
$account.setinfo()

Open in new window

0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 33649715
This can be very simply done using dsquery. In the example the SAMID is their username. If the list you have is not their username please let us know what it is and we can assist more.

dsquery user -samid | dsmod user -disabled yes

0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 500 total points
ID: 33649750
Also a quick script to do this assuming you have a txt file with usernames on single lines.  I have attached a sample file.txt as well.

for /F "tokens=1" %%h IN (file.txt) Do dsquery user -samid "%%h" |dsmod user -disabled yes

Open in new window

file.txt
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 7

Expert Comment

by:grantsewell
ID: 33649782
Great point, xxdcmast. I've be PowerShell-ing too much lately, I had forgot about dsquery. It might be a little more efficient for a quick task, though PowerShell is the new 2008 baby.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 33649921
I think powershell is great and you can do alot with it but for quick easy stuff like this I like dsquery. But might as well do a little powershell excercise as well. So using the quest cmdlets
http://www.quest.com/activeroles-server/arms.aspx

The following command will do the same as above.

disable-qaduser {username}

and using the import-csv functionality

import-csv | foreach {disable-qaduser $_.username}

Where the CSV file has the column headings in the first row, in this case the column im pulling is called username.
0
 

Author Closing Comment

by:Lotocus
ID: 33661220
Thanks for the help - this will save me hours of time now and in the future. I knew there had to be a quick way to do it - I just didn't know how. Thanks.
0
 

Expert Comment

by:armgtit
ID: 35992864
The accepted solution does not work for me in a 2008 R2 environment am I missing something?
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question