Tags
If you have to disable a user in Powershell with the new “Active Directory Modules” which are part of a Server 2008 R2 Domain Controller? You’ve never had it so easy.
The command is DISABLE-ADACCOUNT and it can work on one account or multiple accounts at the same time.
Hard to use? Hardly! This is IT!
Disable-ADAccount [-Identity] <ADAccount> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <string>]
[-PassThru <switch>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]
Basic day to day use for most of us will involve
DISABLE-ADACCOUNT samname
like this
DISABLE-ADACCOUNT john.smith
And now the user “john.smith” is disabled in your Active Directory.
Or you can (if you prefer to play safer) use GET-ADUSER to SHOW you who you’re about to disable and pipe those results into the DISABLE-ACCOUNT Commamdlet. Like this.
GET-ADUSER john.smith | DISABLE-ADACCOUNT
Or you can even search a particular OU for a User (if you don’t know the SAM account, if your company uses SAM accounts UNIQUE from the
GET-ADUSER –filter ‘Name –like “John*”’ –SearchBase “OU=Bedrock,OU=Locations,DC=Contoso,DC=Local” | DISABLE-ADACCOUNT
And like all “destructive” features with Powershell you can tack on a –whatif to make SURE you don’t make mistakes!
GET-ADUSER –filter ‘Name –like “John*”’ | DISABLE-ADACCOUNT -whatif
And like all the Commandlets in Server 2008 R2, you can pass alternate credentials or specify servers to work with MULTIPLE domains EASILY from a single system
Powershell. It just ROCKS!
Sean
The Energized Tech