PowerShell command to find all disabled users in Active Directory

Here is a quick powershell command to find all users inside of your Active Directory domain that have been marked as disabled (this will exclude disabled computers):

Get-ADUser -Filter {Enabled -eq $false} | FT samAccountName

Additionally, you can specify which additional options you would like to show by change the filter table command we are piping the results to.  For example, this command will show the samAccountName, first name, and last name of the disabled users.

Get-ADUser -Filter {Enabled -eq $false} | FT samAccountName, GivenName, Surname

If you want no formatting whatsoever and have AD spit a bunch of information back at you, try running just the Get-ADUser part with the filter applied.

Get-ADUser -Filter {Enabled -eq $false

The following command below can be used to pull a list of disabled users and computers:

Search-ADAccount -AccountDisabled

 

4 thoughts on “PowerShell command to find all disabled users in Active Directory

  1. abbas

    Hi Jack,

    thanks for that lovely website. I am trying to use you above command but need to drill a bit down to a specific ou other wise I will have tones of results. and can I make the query save my result into a text file?

    Thanks and Regards,

    Abbas

    Reply
    1. Jack Post author

      Hi abbas,

      You can use the SearchBase parameter to set which OU you want. For example:

      Get-ADUser -SearchBase "OU=MYOUHOLDINGTHEACCOUNTS,DC=MYDOMAIN,DC=COM" -Filter {Enabled -eq $false} | FT samAccountName

      Hope this helps!
      Jack

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *