- Open the PowerShell ISE → Run the following script, paying close attention to the properties used:
Search-ADAccount –AccountDisabled –UsersOnly –ResultPageSize 2000 –ResultSetSize $null | Select-Object SamAccountName, DistinguishedName | Export-CSV “C:\Temp\DisabledUsers.CSV” –NoTypeInformation
- Open the file produced by the script in MS Excel.
- Run Netwrix Auditor → Navigate to "Reports" → Expand the "Active Directory" section → Go to "Active Directory – State-in-Time" → Select "User Accounts" → Click "View" → Set the "Status" parameter to "Disabled" → Click "View Report".
- To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".
Quickly Find Disabled Users in a Few Clicks Instead of Scripting in PowerShell
Many organizations regularly look for inactive user accounts and disable them to improve security. But the fact is, disabled accounts can actually be a bigger threat because attackers can use them as back doors to gain access to IT systems like Microsoft Active Directory and Windows Server. When AD users have been disabled for a while, IT administrators tend to forget about them, but those accounts can be re-enabled and exploited by attackers. Therefore, it’s critical to make sure that you know about all disabled user accounts in your Active Directory and delete any of them that are no longer needed to harden the security of your IT environment.
You can use PowerShell scripts and PowerShell cmdlets to perform basic tasks like showing a list of disabled users or exporting that list to a CSV file. However, this can take quite a lot of time, and requires advanced Windows PowerShell scripting skills. Once you’ve exported the user objects to CSV using PowerShell, you can finally review that list of disabled users.
Netwrix Auditor for Active Directory makes it easy to quickly get disabled users without the need to run any commands or scripts in PowerShell. Then you can easily check whether there are any user accounts that are no longer needed and can be deleted as part of IT housekeeping procedures. You can quickly filter the results and export the list of disabled user accounts to any of multiple file formats, including CSV. You can even subscribe to the report to stay current on any changes to disabled user accounts and harden the security of your IT systems.