
PowerShell: Move disabled accounts to an OU location in the AD


To make housekeeping in your AD easier, this little script looks for all disabled user accounts in a specified OU in Active Directory and moves them into a holding area, which can be audited regularly.

Note: use at your own risk. I’ve put a -WhatIf at the end of the cmdlet; remove it when you’re happy with your settings.


Import-Module ActiveDirectory

$i = 0
$file = "c:\ulist.txt"
# Use one domain controller (the PDC emulator) for the search and the move
$adserver = (Get-ADDomain).PDCEmulator

# Write the SamAccountName of every disabled user in the source OU to $file
Search-ADAccount -AccountDisabled -UsersOnly -Credential domain\administrator -SearchBase "OU=Users,DC=Domain,DC=Local" -Server $adserver | select SamAccountName | Out-File -FilePath $file -NoClobber

# Remove whitespace and blank lines
(gc $file) | ? { $_.Trim() -ne "" } | Set-Content $file
$content = Get-Content $file

foreach ($name in $content) {
    $user = $name.Trim()
    # Skip the table header and separator lines that Out-File wrote
    if ($user -eq "SamAccountName" -or $user -eq "--------------" -or $user -eq "") {
    } else {
        # Move this user to the holding OU (remove -WhatIf to actually move)
        $result = Get-ADUser -Identity $user -Server $adserver | Move-ADObject -TargetPath "OU=Disabled Accounts,DC=Domain,DC=LOCAL" -Server $adserver -WhatIf
        Write-Host $user -BackgroundColor DarkRed -ForegroundColor Yellow
        $i++
    }
}

# Remove the current user list
Remove-Item $file

if ($i -eq 0) {
    Write-Host $i "Disabled Accounts Found" -BackgroundColor Green -ForegroundColor Yellow
} else {
    Write-Host $i "Disabled Accounts Found" -BackgroundColor DarkRed -ForegroundColor Yellow
}
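
A variant of the same move that works on the AD objects directly instead of parsing a text file, and records each account's original location so the holding OU can be audited or a move reversed. This is an added example, not the author's script; `$dryRun`, `$auditLog` and the CSV column names are assumptions.

```powershell
Import-Module ActiveDirectory

$searchBase = "OU=Users,DC=Domain,DC=Local"              # source OU from the script above
$targetPath = "OU=Disabled Accounts,DC=Domain,DC=Local"  # holding OU from the script above
$server     = (Get-ADDomain).PDCEmulator                 # one DC for both search and move
$auditLog   = ".\disabled-account-moves.csv"             # assumed path for the audit trail
$dryRun     = $true                                      # assumed switch; $false performs the move

# Search-ADAccount returns account objects, so no temp file or header filtering is needed.
$audit = @(foreach ($acct in Search-ADAccount -AccountDisabled -UsersOnly -SearchBase $searchBase -Server $server) {
    $row = [pscustomobject]@{
        TimeUtc        = (Get-Date).ToUniversalTime().ToString("o")
        SamAccountName = $acct.SamAccountName
        OriginalDN     = $acct.DistinguishedName   # where the account lived before the move
        LastLogonDate  = $acct.LastLogonDate
        Result         = if ($dryRun) { "WhatIf" } else { "Moved" }
    }
    try {
        # Identify by GUID so a rename between search and move cannot hit the wrong object.
        Move-ADObject -Identity $acct.ObjectGUID -TargetPath $targetPath -Server $server `
            -ErrorAction Stop -WhatIf:$dryRun
    } catch {
        # For example, objects protected from accidental deletion refuse the move.
        $row.Result = "Failed: $($_.Exception.Message)"
    }
    $row
})

if ($audit.Count -gt 0) {
    $audit | Export-Csv -Path $auditLog -NoTypeInformation -Append
}
$failed = @($audit | Where-Object { $_.Result -like "Failed*" }).Count
Write-Host "$($audit.Count) disabled account(s) processed, $failed failed; log: $auditLog"
```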
