Twhite0909
asked on
AD - Query to find disabled users
I need a query to use in AD to find only disabled users. I am using the query below but it pulls alot of other stuff that I know is not disabled like conference rooms and other user accounts for some reason.
(&(objectCategory=User)(us erAccountC ontrol:1.2 .840.11355 6.1.4.803: =2))
(&(objectCategory=User)(us
Odd, your query worked for me, can you try refining it a bit
(&(objectCategory=person)( objectclas s=user)(us erAccountC ontrol:1.2 .840.11355 6.1.4.803: =2))
Powershell above is also great, Adfind is a free lightweight tool that has a great shortcut
http://www.joeware.net/freetools/tools/adfind/
adfind -sc users_disabled
Thanks
Mike
(&(objectCategory=person)(
Powershell above is also great, Adfind is a free lightweight tool that has a great shortcut
http://www.joeware.net/freetools/tools/adfind/
adfind -sc users_disabled
Thanks
Mike
ASKER
The query worked me I was just saying that it pulled back alot of accounts that are NOT disabled as well as accounts that are. Im looking to take out the accounts that are active from the list.
ASKER
The Powershell command does the same.
I need to get only DISABLED accounts. I am getting back all of My conference rooms, accountspayable, exec accounts et... all of these are ACTIVE and these commands and queries are pulling them in with this disabled user account list
I need to get only DISABLED accounts. I am getting back all of My conference rooms, accountspayable, exec accounts et... all of these are ACTIVE and these commands and queries are pulling them in with this disabled user account list
When I ran it it only returned disabled accounts, You are seeing enabled accounts too? Do those accounts have anything else set on the account options.
Can you download adfind and run
adfind -sc users_disabled name
Thanks
Mike
adfind -sc users_disabled name
Thanks
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Import-Module activedirectory
Then run the below command...
get-aduser -Filter * | Where-Object {$_.enabled -eq $false} | select Name, sAMAccountName, Enabled
Will.