I’ve written about Get-ADUser several times before because it is a pretty essential cmdlet for any Active Directory administrator, but I haven’t written about it in a while.
Recently I had a need to list all disabled accounts in a domain, so here is how to do it using Get-ADUser.
As a quick recap, to view the available options with Get-ADUser type.
Next we want to find out the full list of properties Get-ADUser can give us so we can identify the specific property to search for. Pick a user at random and type:
Get-ADUser -identity username -properties *
Look for the Enabled property, as this is what we are going to search on.
So here you can see a list of all accounts, and whether they are disabled or not.
To only list the disabled accounts we need to use the Where-Object cmdlet.
Get-ADUser can be found here: http://technet.microsoft.com/en-us/library/ee617241.aspx
Where-Object can be found here: http://technet.microsoft.com/en-us/library/ee177028.aspx
Format-Table can be found here: https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.utility/format-table
What the heck is $_ can be found here: https://technet.microsoft.com/en-us/library/ee677578.aspx
Related Get-ADUser Posts: