Export disabled users from Active Directory

You sometimes want to check which user accounts are disabled in Active Directory. Unfortunately, the Active Directory Users and Computers console is not that great when you want to export specific values. For example, you want to get all disabled users in a particular security group. That’s why PowerShell is here, to make it easier. In this article, you will learn how to export disabled users from Active Directory.

Table of contents

Before you start to export disabled Active Directory users

It’s good to know how the PowerShell script works and what you need to do or change for the perfect export results:

  1. Run PowerShell as administrator.
  2. Create a temp folder in (C:) drive. That’s where the script will export the CSV file.

Export disabled users from AD

Get all disabled users from Active Directory and export to CSV file.

Import-Module ActiveDirectory

Get-ADUser -Filter { Enabled -eq $false } -Properties * |
Select-Object Name, UserPrincipalName, Enabled | Sort-Object Name |

Export-Csv "c:\temp\DisabledUsers.csv" -Encoding UTF8 -NoTypeInformation

Open the CSV file with your favorite editor. For example, Microsoft Excel.

Export disabled users Active Directory CSV file

Export disabled users from OU

Get all disabled users from specific OU in Active Directory and export to CSV file.

You need to copy the OU distinguishedName.

Export disabled users Active Directory OU

Paste the OU distinguishedName in the below $OU variable.

Import-Module ActiveDirectory

$OU = "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local"

Get-ADUser -Filter { Enabled -eq $false } -SearchBase $OU -Properties * |
Select-Object Name, UserPrincipalName, Enabled | Sort-Object Name |

Export-Csv "c:\temp\DisabledUsersOU.csv" -Encoding UTF8 -NoTypeInformation

Export disabled users from group

Get all disabled users from specific group in Active Directory and export to CSV file.

You need to copy the group name (pre-Windows 2000).

Export disabled users Active Directory group

Paste the group name in the below $Group variable.

Import-Module ActiveDirectory

$Group = "Management-1620248956"

Get-ADGroupMember -Identity $Group -Recursive |
ForEach-Object {
    Get-ADUser -Properties * -Identity $_.SamAccountName | 
    Where-Object { $_.Enabled -eq $false } } |
Select-Object Name, UserPrincipalName, Enabled | Sort-Object Name |

Export-Csv "c:\temp\DisabledUsersGroup.csv" -Encoding UTF8 -NoTypeInformation

That’s it!

Read more: Add users to multiple groups with PowerShell »

Conclusion

You learned how to export disabled users from Active Directory. We showed three possibilities for exporting disabled users from Active Directory with PowerShell. Check your environment for disabled users and keep the PowerShell scripts as simple as possible.

Did you enjoy this article? You may also like Copy AD members between domains. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

TwitterLinkedIn

What Others Are Reading

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *