The larger an Active Directory becomes, the more confusing it becomes. Especially for domains that manage several hundred or thousand AD accounts , it happens that numerous deactivated AD accounts exist. For this reason, it is advisable to get an overview of which Active Directory accounts are deactivated from time to time, in order to delete them permanently.
Query deactivated AD accounts via PowerShell
The PowerShell is again ideal for this process. We have often reported on similar PowerShell queries in the past , you will find a list of the most useful PowerShell queries in connection with an Active Directory domain at the end of this article.
To get a list of the deactivated AD users , you simply have to issue the following command in a PowerShell console .
Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name, DistinguishedName
This then simply lists all deactivated accounts, as you can see here in the figure below.
The list of deactivated AD accounts shows the AD account name and the “ DistinguishedName ”. With large networks in particular, this listing can of course be very long and it makes more sense to export the result to a text file or CSV file. In this case you have to add a few parameters to the ” Search-ADAccount ” command. The complete command is then, for example, as follows.
Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name, DistinguishedName | Export CSV “C: Temp DeactivatedUser.csv” -NoTypeInformation -Encoding UTF8
In this example it is a CSV file that you can simply edit in ” Notepad ” or import into Excel .
As already announced above, here is a list of additional PowerShell commands for the Active Directory .
– Query members of an AD group using PowerShell – Count the
number of AD (Active Directory) objects using PowerShell
– Determine LastLogon (last login) of a user in AD using Get-ADUser
– List AD user accounts that have entered a profile path
– Deactivate user account in Windows 10
– Determine which AD user has never logged on
– Create a list of all XP PCs in the AD (Active Directory)