
Need to disable a user in PowerShell with the new “Active Directory Modules” that are part of a Server 2008 R2 Domain Controller?  You’ve never had it so easy.

The command is DISABLE-ADACCOUNT and it can work on one account or multiple accounts at the same time.

Hard to use?  Hardly!  This is IT!

 

Disable-ADAccount [-Identity] <ADAccount> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <string>]
[-PassThru <switch>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

 

Basic day to day use for most of us will involve

DISABLE-ADACCOUNT samname

like this

DISABLE-ADACCOUNT john.smith

And now the user “john.smith” is disabled in your Active Directory.

Or you can (if you prefer to play it safer) use GET-ADUSER to SHOW you who you’re about to disable and pipe those results into the DISABLE-ADACCOUNT cmdlet.  Like this:

GET-ADUSER john.smith | DISABLE-ADACCOUNT

Or you can even search a particular OU for a User (if you don’t know the SAM account, if your company uses SAM accounts UNIQUE from the

GET-ADUSER -Filter 'Name -like "John*"' -SearchBase "OU=Bedrock,OU=Locations,DC=Contoso,DC=Local" | DISABLE-ADACCOUNT

And like all “destructive” features with PowerShell, you can tack on a -WhatIf to make SURE you don’t make mistakes!

GET-ADUSER -Filter 'Name -like "John*"' | DISABLE-ADACCOUNT -WhatIf

And like all the cmdlets in Server 2008 R2, you can pass alternate credentials or specify servers to work with MULTIPLE domains EASILY from a single system.
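Putting the pieces above together (filter, -SearchBase, -WhatIf, -Server and -Credential), here is an added example that is not from the original post. The function name Disable-MatchedUser, its -MaxAccounts and -Apply parameters, and the server name dc01.contoso.local are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

function Disable-MatchedUser {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[\w .*-]+$')]      # no quotes allowed: keeps the filter string intact
        [string]$NamePattern,
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential,
        [int]$MaxAccounts = 5,                # hypothetical guard: refuse an over-broad match
        [switch]$Apply                        # hypothetical switch: without it, nothing is changed
    )

    # The same server and alternate credentials are used for every AD call.
    $ad = @{ Server = $Server; Credential = $Credential }

    # Resolve the targets first; skip accounts that are already disabled.
    $targets = @(Get-ADUser -Filter "Name -like '$NamePattern'" -SearchBase $SearchBase @ad |
        Where-Object { $_.Enabled })

    if ($targets.Count -eq 0) { Write-Warning "No enabled users match '$NamePattern'."; return }
    if ($targets.Count -gt $MaxAccounts) {
        throw "$($targets.Count) accounts match '$NamePattern'; limit is $MaxAccounts. Narrow the filter."
    }

    # Dry run by default: -WhatIf is only switched off when -Apply is given.
    $targets | Disable-ADAccount @ad -WhatIf:(-not $Apply)

    # Re-read each account from the same server to confirm the resulting state.
    $targets | ForEach-Object { Get-ADUser -Identity $_.DistinguishedName @ad } |
        Select-Object SamAccountName, Enabled, DistinguishedName
}

# Constructed values: the OU is the one used earlier on this page; the server name is a placeholder.
$cred = Get-Credential
Disable-MatchedUser -NamePattern 'John*' -SearchBase 'OU=Bedrock,OU=Locations,DC=Contoso,DC=Local' `
    -Server 'dc01.contoso.local' -Credential $cred
```

Run it once as shown to review the -WhatIf output and the account list, then repeat with -Apply; the final table should show Enabled as False for every matched account.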

 

Powershell.  It just ROCKS!

Sean
The Energized Tech
