list of all disabled users in Active directory 2008

Hi All,

I am looking to export  all disabled  users in Active  directory 2008 In a specific OU and outcome is user ID, Email Address Full name, and when was disabled  or all properties * :) if possible

Prefer to user a Power shell Scripts

Thanks
Rabih
RabihhajIT HelpDeskAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Use the below command...
Import-module activedirectory
Get-aduser -filter * -searchbase "ou=myou,dc=domain,dc=com" -properties displayname, samaccountname, primarysmtpaddress |
? {$_.Enabled -eq $false} |
select displayname, samaccountname, primarysmtpaddress, Enabled
Export-csv "c:\resutls.csv" -nti

Open in new window


You cannot determine when the account was disabled using a script. You would have to reference the security logs on the domain controller and also requires having auditing enabled.

Will.
0
RabihhajIT HelpDeskAuthor Commented:
Hi Will ,

Thanks for you quick response , is any way I can find how can I get to "ou=myou,dc=domain,dc=com" , where I can copy and past the structure of our AD object

Thanks
rabih
0
RabihhajIT HelpDeskAuthor Commented:
Hi Will ,

Not sure if my  is incorrect
please see the below script after I ran  it

"cmdlet Export-Csv at command pipeline position 1
Supply values for the following parameters:
InputObject: ^Z
[PS] H:\> " 

please advise

Thanks
Rabih
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

Will SzymkowskiSenior Solution ArchitectCommented:
Sorry I forgot the Pipe command at the end of line 4. I have corrected this below.

Import-module activedirectory
Get-aduser -filter * -searchbase "ou=myou,dc=domain,dc=com" -properties displayname, samaccountname, primarysmtpaddress |
? {$_.Enabled -eq $false} |
select displayname, samaccountname, primarysmtpaddress, Enabled |
Export-csv "c:\resutls.csv" -nti

Open in new window


Will.
0
RabihhajIT HelpDeskAuthor Commented:
is any way I can find how can I get to "ou=myou,dc=domain,dc=com" , where I can copy and past the structure of our AD object
0
Will SzymkowskiSenior Solution ArchitectCommented:
This is just the path to where your OU is in AD.
Post a screenshot of your AD structure and I will tell you what is it. If this is a sub OU then post the entire structure.

Will.
0
RabihhajIT HelpDeskAuthor Commented:
Hi Will
please see the below ou folders
domain.local>user Accounts and every folders under user Accounts

Thanks
Rabih
0
RabihhajIT HelpDeskAuthor Commented:
I got it working ,  can I get also which OU this user are seating in .
or can I run it like -properties * and where I can add in the script


Thanks
Rabih
0
Will SzymkowskiSenior Solution ArchitectCommented:
I have modified the script below to add the DistinguishedName

Import-module activedirectory
Get-aduser -filter * -searchbase "ou=myou,dc=domain,dc=com" -properties displayname, samaccountname, primarysmtpaddress, DistinguishedName, Enabled |
? {$_.Enabled -eq $false} |
select displayname, samaccountname, primarysmtpaddress, DistinguishedName, Enabled |
Export-csv "c:\resutls.csv" -nti

Open in new window


Will.
0
RabihhajIT HelpDeskAuthor Commented:
Thanks , how about if I need to know what OU are they seating on Please
0
Will SzymkowskiSenior Solution ArchitectCommented:
The Distinguished Name shows the entire path where the user is located.

Will.
0
RabihhajIT HelpDeskAuthor Commented:
Hi Will , nearly getting there

please see the blew error
[PS] H:\>.\resultdisabled.ps1
Get-ADUser : One or more properties are invalid.
Parameter name: primarysmtpaddress
At H:\resultdisabled.ps1:2 char:11
+ Get-aduser <<<<  -filter * -searchbase "OU=User Accounts,DC=?????,DC=local" -properties displayname, samaccountname,
primarysmtpaddress, DistinguishedName, Enabled |
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : One or more properties are invalid.
Parameter name: primarysmtpaddress,Microsoft.ActiveDirectory.Management.Commands.GetADUser

[PS] H:\>

Please help

thanks
0
Will SzymkowskiSenior Solution ArchitectCommented:
Ahhh...I have modified below...
Import-module activedirectory
Get-aduser -filter * -searchbase "ou=myou,dc=domain,dc=com" -properties displayname, samaccountname, mail, DistinguishedName, Enabled |
? {$_.Enabled -eq $false} |
select displayname, samaccountname, mail, DistinguishedName, Enabled |
Export-csv "c:\resutls.csv" -nti

Open in new window


Will.
0
RabihhajIT HelpDeskAuthor Commented:
mate you did it and it is working . how can I give you a full points and grade is the higher  A,B or C
0
RabihhajIT HelpDeskAuthor Commented:
I tried to add to the script  Logon Name, but gave me an error  

what is  Attr LDAP Name for USER LOGON NAME in AD , need to get users UPN also please with the above script

Thanks
Rabih
0
Will SzymkowskiSenior Solution ArchitectCommented:
how can I give you a full points and grade is the higher  A,B or C

That would be nice! Unfortuneately Grade A is the best.

Import-module activedirectory
Get-aduser -filter * -searchbase "ou=myou,dc=domain,dc=com" -properties displayname, samaccountname, mail, DistinguishedName, UserPrincipalName, Enabled |
? {$_.Enabled -eq $false} |
select displayname, samaccountname, mail, DistinguishedName, UserPrincipalName, Enabled |
Export-csv "c:\resutls.csv" -nti

Open in new window


Script is now modified as you wish.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RabihhajIT HelpDeskAuthor Commented:
Quick response and excellent help
0
RabihhajIT HelpDeskAuthor Commented:
are you able to look at the other question I have on this site
list of all network access and pritners for user in Active directory 2008

not sure if I have explain much

thanks
Rabih
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.