How to Check If AD User Account Is Disabled Using PowerShell and Netwrix Auditor

Native Solution vs. Netwrix Auditor for Active Directory

Native Solution Netwrix Auditor for Active Directory

Native Solution

Netwrix Auditor for Active Directory

Steps

Prerequisite: Before running any of the following scripts, you need to import the PowerShell Active Directory module. Use the following command:

Import-ModuleActiveDirectory

Checking whether a specific user is disabled with a command-line query

Open the Windows PowerShell ISE on your domain controllerserver.
Run the following script:

$User = Read-Host -Prompt 'Input the user name'; Get-ADUser -Filter {name -like $User -or samaccountname -like $User} | select SamAccountName, Enabled

Check the output of your script:

How to Check If AD User Account Is Disabled Using PowerShell

Checking whether one or more users are disabled using input from a file

Create a text file with a list of the AD users you want to check.
Open the Windows PowerShell ISE on your DC.
Run the following code, changing the file path to point to your text file:

$infile = "C:\Temp\Users.txt"
$users = Get-Content $infile
foreach ($user in $users){ Get-ADUser -Filter {name -like $user -or samaccountname -like $user} | Select Name, SamAccountName,Enabled }

Check the output of your script:

Run Netwrix Auditor → Navigate to "Reports" → Expand the "Active Directory" section → Go to "Active Directory – State-in-Time" → Select "User Accounts" → Click "View" → Type the user’s logon name in the “Logon Name” filter → Click "View Report".
Review the report:

How to Check If AD User Account Is Disabled Using Netwrix Auditor

If you want to list all disabled users, instead of typing a user’s logon name in Step 1, set the “Status” filter to “Disabled”.

You can export the report to CSV, PDF or another format by clicking the “Save” button.

Using PowerShell to Check If an AD User Is Disabled Can be Time-Consuming

Expired user accounts in a Microsoft Active Directory domain pose a security risk because anyone who has an account password could log on and utilize the account’s permissions for malicious purposes. On top of this, stale objects in your AD database take space, which can affect the performance of your systems. To improve security and keep the AD environment tidy, management guidelines recommend that administrators regularly review a list of disabled users and remove unneeded accounts in a timely manner.

The simplest way to find out whether an account is disabled is to check the user object’s properties via the Active Directory Users and Computers (ADUC) snap-in. However, it can take a great deal of time to browse through the AD hierarchy and manually check if each AD user account is disabled. Another option is using PowerShell, which enables you to retrieve the data of multiple users at once and even generate reports on schedule. However, fidgeting with PowerShell cmdlets and parameters takes precious time and requires certain level of expertise.

Netwrix Auditor for Active Directory can deliver easy-to-read reports on AD user properties, permissions and events without meticulous scripting, improving your IT team’s efficiency. Moreover, IT admins can also easily review Group Policy configurations, audit configuration changes, and prove compliance with regulatory requirements. Even better, Netwrix Auditor supports a wide range of systems in addition to Active Directory, includes an extensive set of predefined reports that will provide you with deep insight into activity across your entire infrastructure, and will even alert responsible specialists about misconfigurations and suspicious actions.

Previous How-to

How to Find Inactive Users in Active Directory using PowerShell or Netwrix Auditor

Next How-to

How to Get a SharePoint Online External Sharing Report