How to Check If AD User Account Is Disabled Using PowerShell and Netwrix Auditor

Native Solution
Netwrix Auditor for Active Directory
Steps

Prerequisite: Before running any of the following scripts, you need to import the PowerShell Active Directory module. Use the following command:

Import-Module ActiveDirectory

Checking whether a specific user is disabled with a command-line query

  1. Open the Windows PowerShell ISE on your domain controller.
  2. Run the following script:

# Prompt for a name or logon name, then show each match
$User = Read-Host -Prompt 'Input the user name'
Get-ADUser -Filter {Name -like $User -or SamAccountName -like $User} | Select-Object SamAccountName, Enabled

  3. Check the output of your script. The Enabled column reads False for a disabled account.

Checking whether one or more users are disabled using input from a file

  1. Create a text file with a list of the AD users you want to check.
  2. Open the Windows PowerShell ISE on your DC.
  3. Run the following code, changing the file path to point to your text file:

$infile = "C:\Temp\Users.txt"   # one name or logon name per line
$users = Get-Content $infile
foreach ($user in $users) {
    Get-ADUser -Filter {Name -like $user -or SamAccountName -like $user} | Select-Object Name, SamAccountName, Enabled
}

  4. Check the output of your script.
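The file-driven check above prints nothing for a name that matches no account, so a typo in the list looks the same as a clean result. The script below is an added example, not part of the original page or of any Netwrix tooling: it keeps the page's filter, records unmatched names, adds last-logon data for the review, and writes a CSV. The output path and the Input and Status column names are assumptions.

```powershell
# Added example. $outfile and the Input/Status columns are illustrative assumptions.
Import-Module ActiveDirectory

$infile  = 'C:\Temp\Users.txt'        # one name or logon name per line (path from the page)
$outfile = 'C:\Temp\UserStatus.csv'   # assumed report location

$report = foreach ($user in Get-Content -Path $infile) {
    $user = $user.Trim()
    if (-not $user) { continue }      # skip blank lines

    # Same filter as the page's script; extra properties help decide what to clean up.
    # LastLogonDate comes from lastLogonTimestamp, which replicates lazily and can lag by days.
    $found = @(Get-ADUser -Filter {Name -like $user -or SamAccountName -like $user} -Properties LastLogonDate, whenChanged)

    if ($found.Count -eq 0) {
        # Record the miss so a misspelled entry is visible in the report.
        [pscustomobject]@{
            Input          = $user
            SamAccountName = $null
            Enabled        = $null
            LastLogonDate  = $null
            WhenChanged    = $null
            Status         = 'NotFound'
        }
        continue
    }

    # -like accepts wildcards, so one input line can match several accounts.
    foreach ($account in $found) {
        [pscustomobject]@{
            Input          = $user
            SamAccountName = $account.SamAccountName
            Enabled        = $account.Enabled
            LastLogonDate  = $account.LastLogonDate
            WhenChanged    = $account.whenChanged
            Status         = if ($account.Enabled) { 'Enabled' } else { 'Disabled' }
        }
    }
}

$report | Sort-Object Status, SamAccountName | Format-Table -AutoSize
$report | Export-Csv -Path $outfile -NoTypeInformation -Encoding UTF8

# Domain-wide list of disabled user accounts, for the periodic review.
Search-ADAccount -AccountDisabled -UsersOnly |
    Select-Object Name, SamAccountName, LastLogonDate
```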
Netwrix Auditor for Active Directory

  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Active Directory" section → Go to "Active Directory – State-in-Time" → Select "User Accounts" → Click "View" → Type the user’s logon name in the “Logon Name” filter → Click "View Report".
  2. Review the report.

If you want to list all disabled users, instead of typing a user’s logon name in Step 1, set the “Status” filter to “Disabled”.

You can export the report to CSV, PDF or another format by clicking the “Save” button.

Using PowerShell to Check If an AD User Is Disabled Can Be Time-Consuming

Expired user accounts in a Microsoft Active Directory domain pose a security risk because anyone who has an account password could log on and use the account’s permissions for malicious purposes. On top of this, stale objects in your AD database take up space, which can affect the performance of your systems. To improve security and keep the AD environment tidy, management guidelines recommend that administrators regularly review a list of disabled users and remove unneeded accounts in a timely manner.

The simplest way to find out whether an account is disabled is to check the user object’s properties via the Active Directory Users and Computers (ADUC) snap-in. However, it can take a great deal of time to browse through the AD hierarchy and manually check whether each AD user account is disabled. Another option is PowerShell, which enables you to retrieve the data of multiple users at once and even generate reports on a schedule. However, fiddling with PowerShell cmdlets and parameters takes precious time and requires a certain level of expertise.

Netwrix Auditor for Active Directory can deliver easy-to-read reports on AD user properties, permissions and events without meticulous scripting, improving your IT team’s efficiency. Moreover, IT admins can also easily review Group Policy configurations, audit configuration changes, and prove compliance with regulatory requirements. Even better, Netwrix Auditor supports a wide range of systems in addition to Active Directory, includes an extensive set of predefined reports that will provide you with deep insight into activity across your entire infrastructure, and will even alert responsible specialists about misconfigurations and suspicious actions.
