Prerequisite: Before running any of the following scripts, you need to import the PowerShell Active Directory module. Use the following command:
Import-ModuleActiveDirectory
Checking whether a specific user is disabled with a command-line query
- Open the Windows PowerShell ISE on your domain controllerserver.
- Run the following script:
$User = Read-Host -Prompt 'Input the user name'; Get-ADUser -Filter {name -like $User -or samaccountname -like $User} | select SamAccountName, Enabled
- Check the output of your script:
Checking whether one or more users are disabled using input from a file
- Create a text file with a list of the AD users you want to check.
- Open the Windows PowerShell ISE on your DC.
- Run the following code, changing the file path to point to your text file:
$infile = "C:\Temp\Users.txt"
$users = Get-Content $infile
foreach ($user in $users){ Get-ADUser -Filter {name -like $user -or samaccountname -like $user} | Select Name, SamAccountName,Enabled }
- Check the output of your script:
- Run Netwrix Auditor → Navigate to "Reports" → Expand the "Active Directory" section → Go to "Active Directory – State-in-Time" → Select "User Accounts" → Click "View" → Type the user’s logon name in the “Logon Name” filter → Click "View Report".
- Review the report:
If you want to list all disabled users, instead of typing a user’s logon name in Step 1, set the “Status” filter to “Disabled”.
You can export the report to CSV, PDF or another format by clicking the “Save” button.