PowerShell: Get-ADUser to retrieve disabled user accounts


I’ve written about Get-ADUser several times before because it is a pretty essential cmdlet for any Active Directory administrator, but I haven’t written about it in a while.

Recently I had a need to list all disabled accounts in a domain, so here is how to do it using Get-ADUser.

As a quick recap, to view the available options with Get-ADUser, type:

help Get-ADUser

Next we want to find out the full list of properties Get-ADUser can give us so we can identify the specific property to search for. Pick a user at random and type:

Get-ADUser -identity username -properties *

Look for the Enabled property, as this is what we are going to search on.

Next type:

Get-ADUser -Filter * -Property Enabled | FT Name, Enabled -Autosize

So here you can see a list of all accounts, and whether they are disabled or not.

To only list the disabled accounts we need to use the Where-Object cmdlet.


Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like "false"} | FT Name, Enabled -Autosize
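An added example (not code from the original post): the same listing done with a server-side filter, so the domain controller returns only disabled accounts, together with the properties that are useful when reviewing them, such as remaining group memberships. The function name Get-DisabledAccountReport, its SearchBase parameter and the CSV file name are assumptions made for this illustration.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DisabledAccountReport {
    param(
        # Hypothetical parameter: OU or container to search; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    $params = @{
        # Evaluated on the domain controller, so enabled accounts never cross the wire.
        Filter     = 'Enabled -eq $false'
        SearchBase = $SearchBase
        Properties = 'whenChanged', 'LastLogonDate', 'MemberOf', 'Description'
    }

    Get-ADUser @params | ForEach-Object {
        # MemberOf holds group DNs and excludes the primary group (normally Domain Users).
        $groupDns = @($_.MemberOf)

        [pscustomobject]@{
            Name           = $_.Name
            SamAccountName = $_.SamAccountName
            Enabled        = $_.Enabled
            WhenChanged    = $_.whenChanged
            LastLogonDate  = $_.LastLogonDate
            GroupCount     = $groupDns.Count
            # Keep only the CN of each group DN; the pattern tolerates escaped commas (\,).
            Groups         = ($groupDns | ForEach-Object {
                                 $_ -replace '^CN=((?:\\.|[^,])+),.*$', '$1'
                             }) -join '; '
            Description    = $_.Description
        }
    }
}

$report = Get-DisabledAccountReport

# Oldest changes first: long-disabled accounts are the usual clean-up candidates.
$report | Sort-Object WhenChanged |
    Format-Table Name, SamAccountName, WhenChanged, LastLogonDate, GroupCount -AutoSize

# Disabled accounts that still carry group memberships (file name is a placeholder).
$report | Where-Object GroupCount -gt 0 |
    Export-Csv -Path .\disabled-with-groups.csv -NoTypeInformation
```

A disabled account that keeps its group memberships regains that access as soon as it is re-enabled, which is why the report counts them.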


Get-ADUser can be found here: http://technet.microsoft.com/en-us/library/ee617241.aspx

Where-Object can be found here: http://technet.microsoft.com/en-us/library/ee177028.aspx

Format-Table can be found here: https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.utility/format-table

What the heck is $_ can be found here: https://technet.microsoft.com/en-us/library/ee677578.aspx

Related Get-ADUser Posts:

1. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1

2. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 2

3. PowerShell: Get-ADUser to retrieve password last set and expiry information

4. PowerShell: How to add all users in an OU to a Security Group using Get-ADUser and Add-ADGroupMember

5. PowerShell: How to use Get-ADUser to list all recently created accounts (and recently changed accounts)



2 thoughts on “PowerShell: Get-ADUser to retrieve disabled user accounts”

  1. Jeroen

    Not a good query. Now you first get all users, then get the disabled ones.
    Better is: Get-ADUser -Filter 'Enabled -EQ $false'
    This fetches only the accounts you are looking for.

