Home » PowerShell » Export List of Disabled Users from Active Directory

Export List of Disabled Users from Active Directory

by

Active Directory user object has Enabled property, if the Enabled property value is False, it means the account is disabled.

In this article, we will discuss how to get the list of disabled users in the active directory and export list of disabled users from the active directory using PowerShell.

In the example given below, we will find disabled users and export list of users to CSV file using the PowerShell Export-Csv cmdlet.

Table of Contents hide
1 Export List of Disabled Users from Active Directory
2 Conclusion

Export List of Disabled Users from Active Directory

If you want to have list of disabled users in active directory, we need to find all disabled users in active directory.

Using PowerShell Get-ADUser filter * gets all the users and checks whether each user Enabled property value is True or false to check the user’s disabled status.

Run below command

Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like "False"} | Select Name,SamAccountName,DistinguishedName,SID | Export-Csv -Path C:\disabledUsers.csv -NoTypeInformation

In the above PowerShell script,

The first command gets all users using the Get-ADUser cmdlet and passes the output to the second command.

The second command checks ad user enabled status using Where-Object and passes the output to the third command.

The third command selects the users Name, SamAccountName, DistinguishedName and SID property and passes disabled users properties to fourth command.

The fourth command uses a PowerShell Export-Csv cmdlet to export list of disabled users from the active directory to a location specified by the -Path parameter.

CSV file contains information about disabled users from the active directory.

Cool Tip: How to get ad user not logged in x days in PowerShell!

Conclusion

I hope the above article helps you to check the ad user enabled status and get the list of disabled users from the active directory. Using PowerShell Export-Csv cmdlet to export list of disabled users from active directory to CSV file.

Active directory user enabled status helps to identify user account status either active or disabled.

If the ad user account is disabled for more than X days or using the ad user last logon more than X days, you can delete the disabled ad account.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.