Query disabled accounts in a particular security group
Hi Team,
We need to Query to list disabled accounts in a particular security group in Windows Server 2008 R2 domain and pipe it out to any kind of document.
Could you please suggest any command line tools with the syntax..
Thanks!
March 26th, 2012 10:48am
Hi,
Thank you for the post.
Please use this command:
dsquery group -name GroupName | dsget group -members -expand | dsquery user -disabled >c:\disabledaccounts.txt
If there are more inquiries on this issue, please feel free to let us know.
RegardsRick Tan
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
March 26th, 2012 11:23pm
Thanks Rick! but I am getting output as only 2 disabled users whereas in that group there almost 10 disabled users. Could you please suggest..
March 27th, 2012 3:42am
Hi,
Well, please adjust the command to
dsquery group -name GroupName | dsget group -members -expand | dsget user -dn -disabled| find "yes"
You could run partial command based on "|" mark to troubleshooting like
dsquery group -name GroupName | dsget group -members -expand | dsget user -dn -disabled
RegardsRick Tan
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
March 28th, 2012 2:25am
When I enter the above command the dsget app crashes and prompts to check for a solution online or close the app. Could you please provide a Powershell command to find the disabled users as mentioned in first question.
March 28th, 2012 9:56am
Hi,
I assume your server version is Windows Server 2008 R2.
The powershell command is:
Import-Module ActiveDirectory
Get-ADGroupMember -Identity "GroupDN" -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | Select DistinguishedName,Enabled | Export-Csv c:\result.csv -NoTypeInformation
RegardsRick Tan
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
March 30th, 2012 2:19am
Hi,
I assume your server version is Windows Server 2008 R2.
The powershell command is:
Import-Module ActiveDirectory
Get-ADGroupMember -Identity "GroupDN" -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | Select DistinguishedName,Enabled | Export-Csv c:\result.csv -NoTypeInformation
RegardsRick Tan
TechNet Community Support
March 30th, 2012 9:16am