Using Disable-ADUser

by dana803 at 2012-12-14 14:27:53

Hello there,

First off, I’m still new to powershell and eager to learn more, so if, after reading this you can direct me to any good resources for a beginner who needs to learn the basics of syntax, variables, and also for using powershell to do administrative tasks, I’d really appreciate it. So far, all the presentations I’ve been to have great info but actually putting the ideas and demos into practice are over my head not knowing well the basics of the language.

Now, my current task:
I want to disable AD accounts based on a list in a txt or csv file. I read some helpful suggestions in this post for someone who wanted to change attributes.
I don’t need to update attributes. I just want to disable AD accounts per a list of samaccountnames in a txt file.

That post made me think I might be able to use the rough script I have below, which is similar to my working create users script with input file, but i have no path here since samaccountnames are not supposed to be duplicated.

I have tried something similar but nothing happened and no errors. I wanted to see if someone versed in powershell could tell me if my attempt below makes sense. And, is it possible to add something where it shows the results like my create script did? My create script had a passthru switch which supposedly showed the output. Not sure if this is something that would be recognized in this one…

Import-CSV D:\psscript\disableusers.csv |
ForEach-Object {
Disable-ADUser -Identity $.samaccountname}

If needed, is there a way to only look in a particular OU when doing this? At which point does performance or memory come into play when comparing everything in the input file (sometimes only 5-10 records) to all of AD when all the users to disable may only be in one particular OU or folder?

Thank you very much for any thoughts on this one!
by mikefrobbins at 2012-12-16 19:09:36
I modified your command slightly to make it run and return the results. It takes about 6 seconds to run in my test environment:
Import-CSV D:\tmp\UsersToDisable.csv |
ForEach-Object {
Disable-ADAccount -Identity $
.samaccountname -PassThru}
This command does the same thing and takes about a second to run in the same environment:
Import-CSV D:\tmp\UsersToDisable.csv | select -expand samaccountname | Disable-ADAccount -PassThru
If you have a list of just the SamAccountName in a text file with no headers, you could do the same thing with this command:
Get-Content D:\tmp\UsersToDisable.txt | Disable-ADAccount -PassThru
It won’t compare it against everything in AD. Just one specific item in AD for each row in the file. It uses the current object (samaccountname), one row from the file as the value for the identity property of Disable-ADAccount.

You would need to run Import-Module ActiveDirectory first if you’re using PowerShell v2.
by dana803 at 2012-12-19 07:29:02
Thank you Mike for the detailed input. I will use one of your suggested commands for my final run. Thanks! I will also read up on these different ways you did it to understand how the commands work to increase my PowerShell knowledge.

When I open Powershell, I’m actually opening the item in my start menu that says "powershell for active directory", and so far, it’s been working ok, so I’m assuming it already has the AD module loaded. I’ll have to figure out what version of PS I’m using too so I’m familiar with it and the differences between others I might use.

Thanks again!
by RichardSiddaway at 2012-12-19 07:57:29
To test your PowerShell version use
PS> $psversiontable

Name Value
---- -----
PSVersion 3.0
WSManStackVersion 3.0
CLRVersion 4.0.30319.18010
BuildVersion 6.2.9200.16434
PSCompatibleVersions {1.0, 2.0, 3.0}
PSRemotingProtocolVersion 2.2

The above is the PowerShell v3 result on Windows 8

Powershell v2 is obvious because the PSversion is 2 and everything else is lower values

PowerShell v1 doesn’t return anything