When the need arises to query (search) for disabled users in Active Directory in very large environments where there are a lot of organization units etc., there are few ways to go about it. This process is relatively very easy to find using the Active Directory Administrative Center. In this article, we will learn How to find disabled Active Directory User accounts. Please see how to detect who disabled a user in Active Directory, andWhat Happens if You Turn Off Your Computer During an Update.
Also, see the Concept of Active Directory Computer Account, how to use the built-in Azure Active Directory Connect tool, and how to query a list of installed programs in Windows.
Disable AD Accounts
To demonstrate this, I will proceed to disable some users in my test lab as shown below.
This will let you know that the object has been disabled as shown below
Now we have some users deleted as shown below.
Note: To mitigate against this process in the future, it is best practice to have a container created and dedicated for housing disabled users only. below are some procedures to achieve this
Find Active Directory Disabled Account via PowerShell
This will run the below cmdlets to return disabled accounts. This will display the list of disabled users with other user account parameters (attributes) as shown in the image below.
Search-ADAccount -AccountDisabled
To return only the username of disabled users, run the following cmdlets as shown below.
Get-ADUser -Filter {Enabled -eq $false} | FT samAccountName
Common Queries
I will be demonstrating this using the common queries. Open the “Active Directory User and Computer” console as shown below.
Click on Tools and select Active Directory User and Computer
Click on “Find an object in Active Directory Domain Services”. Please see how to query, stop and delete a service in Windows
Under the Find drop-down menu, select “Common Queries”. Select Disabled account, and click on Find now as shown below
This will display a list of disabled accounts in your Active Directory environment as shown below.
Via Saved Queries
The below steps are used in displaying disabled users in the Active Directory environment.
Launch the Active Directory User and Computer Console. Right-click on “Saved Queries”. Click on New, and click on Query
This will open the “New Query” properties window. Enter the Query name, and click on Define Query
Select Disabled Account and click on Ok
This will display a list of disabled accounts as shown below as a saved query.
Ensure you have a procedure in place to delete disabled accounts after a certain period in order not to have a messy Active Directory environment.
I hope you found this article useful in learning how to find disabled Active Directory User accounts. Please feel free to leave a comment below.
