Bulk user account disable in Active Directory 2008 R2
Hi,
I have a list of some 900+ people who have left our organisation in the past year and a half. For one reason or another these accounts are still live in our new Active Directory environment and I need a script, preferably a PowerShell script to disable all of these accounts. The only unique information I have for each user is their payroll number (which in AD is listed as their UID attribute), I do not have the sAMAccountname for any of these accounts.
A script is needed to import the UID from a CSV file, to find that user in AD based on their UID, and then to disable the accounts. I’d also like to populate the ‘Description’ field for each of these users essentially saying that they are disabled accounts, when they were disabled and by whom.
Any help gratefully received!
I have a list of some 900+ people who have left our organisation in the past year and a half. For one reason or another these accounts are still live in our new Active Directory environment and I need a script, preferably a PowerShell script to disable all of these accounts. The only unique information I have for each user is their payroll number (which in AD is listed as their UID attribute), I do not have the sAMAccountname for any of these accounts.
A script is needed to import the UID from a CSV file, to find that user in AD based on their UID, and then to disable the accounts. I’d also like to populate the ‘Description’ field for each of these users essentially saying that they are disabled accounts, when they were disabled and by whom.
Any help gratefully received!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi, thanks all for replying. We use FIM to provision our accounts into AD from other data sources. We have employee numbers which FIM maps to the 'uid' attribute for a user thus keeping all the accounts unique.
The problem is that I need to find the sAMAccountname for each of these 900+ users and then disable those accounts. All I have is their employee number (which FIM maps to the uid attribute for a user in AD) and their actual name (we have some 20,000 users so actual names are not of any use really).
The problem is that I need to find the sAMAccountname for each of these 900+ users and then disable those accounts. All I have is their employee number (which FIM maps to the uid attribute for a user in AD) and their actual name (we have some 20,000 users so actual names are not of any use really).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you should be able to do this:
$users = import-csv <csv File>
foreach($user in $user){disable-aduser $user.Name}
your CSV will need a header with Name for the user's name.
If the attribute you are talking about is not something that can be filtered like this let me know.