asked on

AD - Query to find disabled users

I need a query to use in AD to find only disabled users. I am using the query below but it pulls alot of other stuff that I know is not disabled like conference rooms and other user accounts for some reason.

(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=2))

Will Szymkowski

You can use powershell to accomplish this..Use the below command...

Import-Module activedirectory

Then run the below command...

get-aduser -Filter * | Where-Object {$_.enabled -eq $false} | select Name, sAMAccountName, Enabled

Will.

Mike Kline

Odd, your query worked for me, can you try refining it a bit

(&(objectCategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

Powershell above is also great, Adfind is a free lightweight tool that has a great shortcut

http://www.joeware.net/freetools/tools/adfind/

adfind -sc users_disabled

Thanks

Mike

Twhite0909

ASKER

The query worked me I was just saying that it pulled back alot of accounts that are NOT disabled as well as accounts that are. Im looking to take out the accounts that are active from the list.

Twhite0909

ASKER

The Powershell command does the same.

I need to get only DISABLED accounts. I am getting back all of My conference rooms, accountspayable, exec accounts et... all of these are ACTIVE and these commands and queries are pulling them in with this disabled user account list

Mike Kline

When I ran it it only returned disabled accounts, You are seeing enabled accounts too? Do those accounts have anything else set on the account options.

Mike Kline

Can you download adfind and run

adfind -sc users_disabled name

Thanks

Mike

ASKER CERTIFIED SOLUTION

Will Szymkowski

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial