Remove-AdUser: Delete Ad User using PowerShell

Remove-AdUser cmdlet in PowerShell removes an Active Directory User. As an Admin, it’s very important to keep the active directory up-to-date and delete any orphan objects if any from an active directory.

You can use the Remove-ADUser cmdlet to remove a specified aduser by SAMAccountName, remove multiple users from an active directory, remove aduser by distinguished name or remove aduser from ad group.

You can use the Get-ADUser cmdlet in PowerShell to get one or more ad users based on search criteria and pass the aduser object pipeline to Remove-AdUser to remove aduser in an active directory. Search-ADAccount cmdlet also to search adaccount for any users that have not login to the system for x days or have disabled accounts.

In this article, I will explain how to use the Remove-ADUser cmdlet effectively to delete ad users using PowerShell with examples.

Remove-AdUser Syntax

Remove-ADUser removes an active directory user.


      [-AuthType <ADAuthType>]
      [-Credential <PSCredential>]
      [-Identity] <ADUser>
      [-Partition <String>]
      [-Server <String>]


AuthType – authentication method to use based on either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.

SSL (Secure Socket Layer) connection is required to use the Basic Authentication method.

Credential PSCredential – It specifies user credentials required to perform Remove-ADUser. By default, it uses the credentials of currently logged-on user.

To use the Credential parameter, use username as User1 or domain\User1 or you can create and use PSCredential object by using Get-Credential cmdlet.

-Identity – It specifies Active Directory user by using below property value

  • Distinguished Name
  • SAMAccountName
  • Security Identifier
  • GUID

The identifier specified in parenthesis is the LDAP display name.

-Partition – It specifies the distinguished name of an active directory partition.

-Server: It specified AD DS instance to connect to. You can specify the AD DS instance in one of the following ways

  • Fully Qualified Domain Name
  • NetBIOS name

Let’s understand how to use Remove-ADUser with examples.

Remove-ADUser by SamAccountName

You can use Remove-ADUser to remove a specific ad user specified by SamAccountName as given below

Remove-ADUser -Identity Toms

This command removes aduser Toms specified by the Identity parameter.

Remove-AdUser by DistinguishedName

You can use Remove-AdUser to remove aduser by distinguishedname as given below

Remove-ADUser -Identity "CN=Tom Smit,OU=HR,DC=SHELLPRO,DC=COM"

In the above Remove-AdUser example script,

It removes aduser by distinguishedname CN=Tom Smith,OU=HR,DC=SHELLPRO,DC=COM

Cool Tip: How to move ad user to another OU with PowerShell!

Remove Multiple ADUsers

You can use the Search-AdAccount cmdlet to searches for adusers that have disabled adaccount, it will return one or more adusers from the active directory, use the below command to remove multiple adusers.

Search-ADAccount -AccountDisabled | where {$_.ObjectClass -eq 'user'} | Remove-ADUser

In the above PowerShell script, the Search-AdAccount cmdlet finds accounts that are disabled in an active directory, it can be users or computers, and pass the output to the second command.

The second command uses where to check adaccount is users only using ObjectClass equal to the user and get disabled adusers only and pass output to the third command.

The third command uses the Remove-AdUser cmdlet to remove multiple adusers having disabled status.


I hope the above article on the Remove-ADUser cmdlet to delete aduser from active directory.

Use Get-AdUser or Search-AdAccount to get active directory users and pass the output to Remove-Aduser to remove active directory users.

Cool Tip: How to use get-adprincipalgroupmembership in Active Directory!

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Leave a Comment