How to check if a specific list of user accounts are disabled in AD, using powershell v2.0 or CMD / VBS
Solution 1
It seems I missed a *
. The correct code is:
dsquery * -Filter "(userAccountControl:1.2.840.113556.1.4.803:=2)"
Solution 2
PowerShell
Get-ADUser -Identity SamAccountName
returns the user object for SamAccountName.
To get the enabled property, use:
Get-ADUser -Identity SamAccountName | Select-Property Enabled
.
Or
(Get-ADUser -Identity SamAccountName).Enabled
.
Edit: Or, lacking PowerShell AD module or PS 3.0+, use ADUC to implement an LDAP query, tweak the display columns to include what you want, then export the results to a file. Here's how (TechNet).
Related videos on Youtube
DSKyo
Updated on September 18, 2022Comments
-
DSKyo over 1 year
1) I have a txt list with sAMAaccountNames
2) I need to query each account name and verify whether it is disabled
3) if the account is disabled, delete it from AD
I'll just delete them manually if there isn't another way, but first I need to check all the accounts in my list to see if they are disabled or not.
I have powershell v2.0 installed on this server and the DC is windows server 2003. The management server is windows server 2008.
I don't have the Active Directory module and I cannot install it either.
How can I do this with CMD/VBScript or powershell v2.0?
I have tried to run
dsquery -Filter "(userAccountControl:1.2.840.113556.1.4.803:=2)"
but I got the following error
dsquery failed:The parameter is incorrect.:Incorrect object type specified. type dsquery /? for help.
-
DSKyo over 7 years-1, I specified that I don't have ActiveDirectory module installed, therefore I cannot use Get-ADuser.
-
Jeter-work over 7 yearsYour 2008 server is missing a hotfix, which provides security upgrades to .NET 3.51. It also installs PS 3.0.
-
DSKyo over 7 yearsI agree, this server is missing many things, however it's not my say in what needs to be installed or not, I've gotta work with what I've been given. Thanks for trying to help tho.