Export disabled users from Active Directory

You sometimes want to check which user accounts are disabled in Active Directory. Unfortunately, the Active Directory Users and Computers console is not that great when you want to export specific values. For example, you want to get all disabled users in a particular security group. That’s why PowerShell is here, to make it easier. In this article, you will learn how to export disabled users from Active Directory.

Table of contents

Before you start

It’s good to know how the PowerShell script works and what you need to do or change for the perfect export results:

  1. Run PowerShell as administrator.
  2. Create a temp folder in (C:) drive or change the path in the script. That’s where the script will export the CSV file to.

Export Active Directory disabled users

Get all disabled users from Active Directory and export to CSV file.

# Export path for CSV file
$csvPath = "C:\Temp\DisabledUsers.csv"

# Import the ActiveDirectory module
Import-Module ActiveDirectory

# Use a try-catch block to handle any potential errors
try {
    # Get all disabled users from Active Directory
    Get-ADUser -Filter { Enabled -eq $false } -Properties Name, UserPrincipalName, Enabled |
    # Select the desired properties for the output
    Select-Object Name, UserPrincipalName, Enabled |
    # Sort the output by Name
    Sort-Object Name |
    # Export the output to a CSV file
    Export-Csv $csvPath -Encoding UTF8 -NoTypeInformation
    
    # Display a success message
    Write-Host "Script completed. Results exported to $csvPath" -ForegroundColor Cyan
}
catch {
    # Display an error message if the export fails
    Write-Host "Export failed: $_" -ForegroundColor Red
}

Open the CSV file with your favorite editor. For example, Microsoft Excel.

Export disabled users Active Directory CSV file

Export Active Directory disabled users from OU

Get all disabled users from specific OU in Active Directory and export to CSV file.

You need to copy the OU distinguishedName.

Export disabled users Active Directory OU

Paste the OU distinguishedName in the below $OU variable on line 5.

# Export path for CSV file
$csvPath = "C:\Temp\DisabledUsersOU.csv"

# Define the OU distinguishedName
$OU = "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local"

# Import the ActiveDirectory module
Import-Module ActiveDirectory

# Use a try-catch block to handle any potential errors
try {
    # Get disabled users from the specified OU
    Get-ADUser -Filter { Enabled -eq $false } -SearchBase $OU -Properties Name, UserPrincipalName, Enabled |
    # Select the desired properties for the output
    Select-Object Name, UserPrincipalName, Enabled |
    # Sort the output by Name
    Sort-Object Name |
    # Export the output to a CSV file
    Export-Csv $csvPath -Encoding UTF8 -NoTypeInformation
    
    # Display a success message
    Write-Host "Script completed. Results exported to $csvPath" -ForegroundColor Cyan
}
catch {
    # Display an error message if the export fails
    Write-Host "Export failed: $_" -ForegroundColor Red
}

Export Active Directory disabled users from group

Get all disabled users from specific group in Active Directory and export to CSV file.

You need to copy the group name (pre-Windows 2000).

Export disabled users Active Directory group

Paste the group name in the below $Group variable on line 5.

# Export path for CSV file
$csvPath = "C:\Temp\DisabledUsersGroup.csv"

# Define the name of the group
$Group = "Management-1620248956"

# Import the ActiveDirectory module
Import-Module ActiveDirectory

# Use a try-catch block to handle any potential errors
try {
    # Retrieve the AD group with the specified name
    $adGroup = Get-ADGroup -Filter "Name -eq '$Group'"
    
    # Check if the group exists
    if ($adGroup) {
        # Get all the members of the group, including nested members
        $groupMembers = Get-ADGroupMember -Identity $adGroup -Recursive

        # For each member, retrieve the corresponding AD user and check if they are disabled
        $disabledUsers = foreach ($member in $groupMembers) {
            # Retrieve the AD user properties
            Get-ADUser -Properties Name, UserPrincipalName, Enabled -Identity $member.SamAccountName |
            
            # Filter out the disabled users
            Where-Object { $_.Enabled -eq $false }
        }
        
        # Select the desired properties for the output
        $output = $disabledUsers | Select-Object Name, UserPrincipalName, Enabled |
        
        # Sort the output by name
        Sort-Object Name

        # Export the results to a CSV file
        $output | Export-Csv $csvPath -Encoding UTF8 -NoTypeInformation

        # Display a success message
        Write-Host "Script completed. Results exported to $csvPath" -ForegroundColor Cyan
    }
    else {
        # Display a message if the group couldn't be found
        Write-Host "Group '$Group' not found." -ForegroundColor Red
    }
}
catch {
    # Display an error message if the export fails
    Write-Host "Export failed: $_" -ForegroundColor Red
}

That’s it!

Read more: Add users to multiple groups with PowerShell »

Conclusion

You learned how to export disabled users from Active Directory. We showed three possibilities for exporting disabled users from Active Directory with PowerShell. Check your environment for disabled users and keep the PowerShell scripts as simple as possible.

Did you enjoy this article? You may also like Copy AD members between domains. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *