Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need a script to get all the disabled accounts in an OU

Posted on 2016-11-17
4
Medium Priority
?
88 Views
Last Modified: 2016-12-01
I need a powershell script to get details of all disabled accounts in an OU. OU name is Test

OU=Test,DC=Contoso,DC=COM

Can someone help?.

Thanks in advance.
0
Comment
Question by:P S
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 7

Expert Comment

by:Andy
ID: 41892559
Hi,

Try this command in Powershell:

Search-ADAccount -AccountDisabled
or
Search-ADAccount -AccountDisabled | Select-Object Name

or for OU specific:
Get-ADUser -filter * | where { $_.enabled -eq $False} -SearchBase "OU=ouname, OU=ouname,DC=name,dc=name"
1
 
LVL 5

Accepted Solution

by:
Kundan Gupta earned 2000 total points
ID: 41892582
Can be done  with below native powershell cmdlets:

import-module activedirectory
Get-ADUser -Filter * -SearchBase "OU=Test,DC=domain,DC=com" -Properties Name, sAMAccountName, Enabled | ? {$_Enabled -eq $false} | select Name, sAMAccountName, Enabled | Export-csv "c:\disabledusers.csv" -NoTypeInformation
0
 
LVL 15

Expert Comment

by:Ajit Singh
ID: 41892721
You could try below powershell cmdlets:

Get-ADUser -Filter * -SearchBase "OU=OUName,OU=OUName,DC=name,DC=name" -Properties EmployeeNumber | Where-Object {$_.Enabled -eq $false} | Select-Object SAMAccountName,EmployeeNumber | Export-Csv -Path C:\disabled.csv -NoTypeInformation

Open in new window


This expression will search the entire domain for user accounts that are disabled. The result will be a user account object.
search-adaccount -UsersOnly –AccountDisabled

Open in new window


Here is an article to manage disabled or inactive Active Directory accounts using PowerShell.

search-adaccount -UsersOnly –AccountDisabled –searchbase "OU=employees,dc=globomantics,dc=local"/code>

Open in new window


Import-Module ActiveDirectory
Search-ADAccount  -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly |
 Select -Property Name,DistinguishedName

Open in new window


Export Disabled AD Users to CSV using Powershell:

Import-Module ActiveDirectory
Search-ADAccount –AccountDisabled -UsersOnly |
 Select -Property Name,DistinguishedName |
 Export-CSV "C:\\DisabledADUsers.csv" -NoTypeInformation -Encoding UTF8

Open in new window


Hope this helps!
0
 

Author Closing Comment

by:P S
ID: 41908552
Worked perfectly
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question