script to check if a list of users' AD account is disabled.

If my user text file is C:\USERS.TXT.  

Would you help me to create a script to read my USERS.TXT and list out all the "DISABLED" users?

Thanks.

Would you modify the script to output the disabled account names into c:\disabled-users.txt?

Also, what extension should I use to save this scipt so it will be opened by ActiveRoles Management Shell automatically when I double click on it?

$UserCol = Get-Content C:\users.txt
$DisabledUsers = @()

$UserCol | ForEach-Object {
       
        $user = Get-QADUser -SearchRoot "dc=yourdomain,dc=com" -Identity $_ -DontUseDefaultIncludedProperties -IncludedProperties AccountIsDisabled

       if($user.AccountIsDisabled){
             
               Write-Output "User account:  $($user.NTAccountName) is disabled"
			   $DisabledUsers += $_.NTAccountName

        }
}

$DisabledUsers | Set-Content C:\DisabledUsers.txt

Select allOpen in new window

You'll have to save the script with a ".ps1" extension.  So say you save the script in C:\scripts, open up a shell window, cd to C:\scripts, and type the name of the script "myscript.ps1"

I tried the first PS1 script yesterday and it works.  Thanks.

I also tried the other "simple line" but it did not work.  

I would like to look into one more option which is to use the Windows native command DSQUERY USER.  

Anyone knows how to do this?

hi check out this scripts written by Richard L Mueller

http://www.rlmueller.net/Programs/IsUserLocked.txt

Hope it works for you.