Identifying disabled Windows ADS Users

Girish V P
ADIBI Technologies, Basavanagudi, Blore.
Jun 22, 2024

Auditing the IT infrastructure at defined intervals is often required as part of security practice. Windows Active Directory plays a vital role in the centralized authentication of the infrastructure, so it is important that all exited employees' accounts are disabled on time. Regular audits help identify any former employee's account that has been left active and thereby avoid a security risk.

Let us start with some useful commands. I use Active User Module for Windows PowerShell.

1 — I used the Get-ADUser command to list the user details.

2 — I used the below options to find all properties of a specific user.

3 — The command below is used to find all the disabled user accounts. Enabled -eq 'True' gives active users.

4 — To filter only required fields for all the disabled users, I used

5 — I exported the output to a CSV file so that I can reuse it later:

get-aduser -Filter {Enabled -eq 'False'} | export-csv -path c:\disabledusers.csv

6 — The final command I executed:

get-aduser -Filter {Enabled -eq 'True'} | select-object samaccountname,enabled | export-csv -path c:\activeusers.csv
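
The audit goal stated at the top, finding exited employees whose accounts are still enabled, can be checked by cross-referencing enabled accounts against a leavers list. The script below is an added example, not the author's code; the function name `Find-RiskyAccount`, the 90-day threshold, the sample users and the `C:\leavers.csv` path are assumptions.

```powershell
# Added example: flag enabled accounts that belong to leavers or look stale.
# Function name, threshold and sample data are assumptions, not from the article.
function Find-RiskyAccount {
    param(
        [Parameter(Mandatory)] [object[]] $AdUsers,  # needs SamAccountName, Enabled, LastLogonDate
        [string[]] $Leavers = @(),                   # SamAccountNames of exited employees
        [int] $StaleDays = 90,
        [datetime] $Now = (Get-Date)
    )
    $leaverSet = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$Leavers, [System.StringComparer]::OrdinalIgnoreCase)
    $cutoff = $Now.AddDays(-$StaleDays)
    foreach ($u in $AdUsers) {
        if (-not $u.Enabled) { continue }            # already disabled, nothing to flag
        $reasons = @()
        if ($leaverSet.Contains($u.SamAccountName)) { $reasons += 'LeaverStillEnabled' }
        if ($null -eq $u.LastLogonDate) { $reasons += 'NeverLoggedOn' }
        elseif ($u.LastLogonDate -lt $cutoff) { $reasons += "NoLogonIn${StaleDays}Days" }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                LastLogonDate  = $u.LastLogonDate
                Reason         = $reasons -join ';'
            }
        }
    }
}

# Constructed sample data so the function can be tried without a domain.
$now = [datetime]'2024-06-22'
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; Enabled = $true;  LastLogonDate = $now.AddDays(-3) }
    [pscustomobject]@{ SamAccountName = 'bjones'; Enabled = $true;  LastLogonDate = $now.AddDays(-200) }
    [pscustomobject]@{ SamAccountName = 'cpatel'; Enabled = $false; LastLogonDate = $now.AddDays(-400) }
    [pscustomobject]@{ SamAccountName = 'dkumar'; Enabled = $true;  LastLogonDate = $now.AddDays(-10) }
)
$sampleLeavers = 'dkumar', 'cpatel'

Find-RiskyAccount -AdUsers $sampleUsers -Leavers $sampleLeavers -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# $users   = Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate
# $leavers = (Import-Csv C:\leavers.csv).SamAccountName   # hypothetical HR export
# Find-RiskyAccount -AdUsers $users -Leavers $leavers | Export-Csv C:\riskyaccounts.csv -NoTypeInformation
```

`LastLogonDate` is derived from `lastLogonTimestamp`, which can lag real logons by up to about 14 days, so keep the stale threshold well above that.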

Disclaimer:

It is recommended to test thoroughly before implementing this in a production environment. These commands were executed on Windows 2022 Server. The commands and options may vary based on the version of the operating system. Please go through the Microsoft documentation for more details.
