The PowerShell Enable-AdAccount cmdlet in Active Directory enables active directory user account, ADComputer account, or service account.
Use the Get-AdUser cmdlet to get the aduser and with the Enable-AdAccount command, it enables user account.
Use Get-AdComputer to get an active directory computers and with the Enable-AdAccount command, it enables computers in the ad.
In this article, we will discuss the Enable-AdAccount cmdlet in Active Directory, its syntax, and how to use the PowerShell enable-adaccount to enable ad account of the user, enable ad account by identity, enable adaccount by distinguished name, enable adaccount in an organizational unit using the PowerShell.
PowerShell Enable-AdAccount Syntax
Use the Enable-AdAccount cmdlet to enable an active directory account.
Syntax:
Enable-ADAccount
[-WhatIf]
[-Confirm]
[-AuthType <ADAuthType>]
[-Credential <PSCredential>]
[-Identity] <ADAccount>
[-Partition <String>]
[-PassThru]
[-Server <String>]
[<CommonParameters>]
Parameters:
-AuthType โ Specify the authentication method to use either Basic authentication or Negotiate authentication. Negotiate authentication is default auth.
-Confirm โ Prompt you for confirmation to run the command
โCredentials โ Specify user account credentials to use to perform enable adaccount. Default is a user logged on user credentials to perform the task.
-Identity โ Specify an active directory account using the distinguished name, SAMAccountName, GUID, or security identifier.
Enable adaccount true or false value to decide if aduser adaccount is enabled or disabled.
Enable-AdAccount by Identity
You can enable ad account of aduser using Identity, run the following command to enable-adaccount in PowerShell
# Get ADUser account status ( adaccount is enable or disabled) Get-AdUser -Identity ErickJ # If adaccount is disabled, enable it using Enabled-AdAccount Enable-AdAccount -Identity ErickJ # Check AdUser account status ( Enable= True means adaccount is enabled. Enable = False means adaccount is disabled state) Get-AdUser -Identity ErickJ
In the above PowerShell script,
We first run the Get-AdUser command to get aduser account status either enabled or disabled.
In the second command, it uses the Enable-AdAccount to enable ad account of the user specified by the Identity parameter.
In the third command, we check the aduser account status again to verify whether the account is enabled or not.
The output of the above script to enable ad user account as:
Enable-AdAccount Multiple Users in Organizational Unit
You can use Get-AdUser command to get aduser in a specified organizational unit (OU) to get only adusers having adaccount disabled.
Find the aduser disabled adaccount in Organizational Unit and use the Enabled-AdAccount to enable adaccount using the following command.
Get-ADUser -Filter * -SearchBase "OU=HR,DC=SHELLPRO,DC=LOCAL" | Where-Object{$_.Enabled -like "False"} | Enable-AdAccount
In the above PowerShell to enable-adaccount multiple users in OU,
The first command gets aduser in specified OU where-object the enabled status is false ( it means the adaccount is disabled) and passes the output to the second command.
The second command uses the Enable-AdAccount command to enable adaccount of adusers.
If you run again get aduser enable true command as below to verify whether aduser accounts enabled true or not
Get-ADUser -Filter * -SearchBase "OU=HR,DC=SHELLPRO,DC=LOCAL" | Where-Object{$_.Enabled -like "True"}
Above PowerShell script using the Get-AdUser cmdlet get aduser enable true accounts in specified OU.
Cool Tip: How to unlock ad account in active directory with PowerShell
Conclusion
I hope the above article on Enabled-AdAccount of aduser in active directory helps you to enable adaccount of multiple users easily.
Using the Get-AdUser cmdlet in Active Directory with where condition to get aduser enable true to check enabled accounts in active directory using the PowerShell.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.