Solved

Bulk user account disable in Active Directory 2008 R2

Posted on 2013-12-12
4
2,219 Views
1 Endorsement
Last Modified: 2014-01-02
Hi,

I have a list of some 900+ people who have left our organisation in the past year and a half.  For one reason or another these accounts are still live in our new Active Directory environment and I need a script, preferably a PowerShell script to disable all of these accounts.  The only unique information I have for each user is their payroll number (which in AD is listed as their UID attribute), I do not have the sAMAccountname for any of these accounts.

A script is needed to import the UID from a CSV file, to find that user in AD based on their UID, and then to disable the accounts.  I’d also like to populate the ‘Description’ field for each of these users essentially saying that they are disabled accounts, when they were disabled and by whom.

Any help gratefully received!
1
Comment
Question by:rookie_b
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 9

Expert Comment

by:Sean
ID: 39714414
When you say UID what do you mean exactly? are you talking EmployeeID?

you should be able to do this:

$users = import-csv <csv File>
foreach($user in $user){disable-aduser $user.Name}

your CSV will need a header with Name for the user's name.
If the attribute you are talking about is not something that can be filtered like this let me know.
0
 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 500 total points
ID: 39714459
Put the UID's which you want to disable in a text file and run below code against it
Import-Module Activedirectory
Foreach ($Uid in (GC C:\uid.txt)){
$User = Get-ADUser -Filter {uid -eq $UID}
	If ($User -ne $null){
	Disable-ADAccount $User.sAMAccountname
	}
}

Open in new window

0
 

Author Comment

by:rookie_b
ID: 39715947
Hi, thanks all for replying.  We use FIM to provision our accounts into AD from other data sources.  We have employee numbers which FIM maps to the 'uid' attribute for a user thus keeping all the accounts unique.

The problem is that I need to find the sAMAccountname for each of these 900+ users and then disable those accounts.  All I have is their employee number (which FIM maps to the uid attribute for a user in AD) and their actual name (we have some 20,000 users so actual names are not of any use really).
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39716107
Following code will export the list of matching accounts..
Import-Module Activedirectory
$(Foreach ($Uid in (GC C:\uid.txt)){
$User = Get-ADUser -Filter {uid -eq $UID} -Properties *
	If ($User -ne $null){
	$User | Select sAMAccountname,UID
	}
	Else{
	"" | Select @{N="sAMAccountname";E={"Not found"}},@{N="UID";E={$Uid}}
	}
}) | Export-Csv C:\report.csv -NTI

Open in new window

Following code will disable the accounts based on the csv file..
Import-Module Activedirectory
Import-Csv C:\report.csv | % {Disable-ADAccount $_.sAMAccountname}

Open in new window

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question