Using a power shell batch file to disable a user in Active directory

Hi,

I need help creating a power shell batch file that would disable a user in Active directory.
Of course the file needs to prompt for the ADUser name and then proceed to disable him/her.

It would be a bonus if the file could also include code to move the newly disabled AD user to a folder called OldUsers.

Thanks
adamtraskAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Use the following command below...
Import-module activedirectory
Set-ADUser -Identity (read-host "enter username") -Enabled $false

Open in new window


Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
oBdACommented:
# OU path to the disabled users OU (DC component not required)
$DisabledUsersPath = "OU=OldUsers"
$UserSAM = Read-Host "Enter the user logon name to disable"
Try {
	$ADUser = Get-ADUser -Identity $UserSAM
} Catch {
	$_.Exception.Message | Write-Warning
	If ($_.CategoryInfo.Category.ToString() -eq "ObjectNotFound") {
		"Users with names similar to '$($UserSAM)':" | Write-Host
		Get-ADUser -Filter "SamAccountName -like '*$($UserSAM)*'" | Select-Object -Property SamAccountName, DistinguishedName | Format-Table -AutoSize
	}
	Exit
}
"Found user in AD: $($ADUser.DistinguishedName)" | Write-Host -Foregroundcolor White
Try {
	"Disabling user ... " | Write-Host -Foregroundcolor White -NoNewline
	If ($ADUser.Enabled) {
		Set-ADUser -Identity $ADUser -Enabled $False
		"OK." | Write-Host -Foregroundcolor Green
	} Else {
		"was already disabled." | Write-Host -Foregroundcolor Green
	}
	$TargetPath = $DisabledUsersPath + $ADUser.DistinguishedName.SubString($ADUser.DistinguishedName.IndexOf(",DC="))
	$UserPath = $ADUser.DistinguishedName.SubString($ADUser.DistinguishedName.IndexOf(",OU=") + 1)
	"Moving user to '$($TargetPath)' ... " | Write-Host -Foregroundcolor White -NoNewline
	If ($TargetPath -ne $UserPath) {
		Move-ADObject -Identity $ADUser -TargetPath $TargetPath
		"OK." | Write-Host -Foregroundcolor Green
	} Else {
		"was already in the OU for disabled users." | Write-Host -Foregroundcolor Green
	}
} Catch {
	Write-Host
	$_.Exception.Message | Write-Host -Foregroundcolor Red
	$_.InvocationInfo.PositionMessage | Write-Host -Foregroundcolor Red
}

Open in new window

0
David Johnson, CD, MVPOwnerCommented:
no points: oBda -- like your solution!
0
adamtraskAuthor Commented:
Thank you very much.... oBda -- I need to spend some time studying your solution. Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.