5

#PSTip Disabling multiple AD user accounts

Note: This tip requires PowerShell 2.0 or above.

The Disable-ADAccount cmdlet disables an Active Directory user, computer, or service account. When you need to disable multiple accounts you might find yourself trying something obvious like:

PS> Disable-ADAccount -Identity user1,user2,user3

But that doesn’t work and yields an error. The Identity parameter doesn’t accept multiple values.  The typical solution is to use the services of the ForEach-Object cmdlet and pass one account at a time:

echo user1 user2 user3 | ForEach-Object {
   Disable-ADAccount -Identity $_
}

Fortunately there’s a better and easy way to do that by simply piping the values directly to Disable-ADAccount. By default, Disable-ADAccount does not generate any output. Add the -PassThru switch if you want to see the modified object(s).

echo user1 user2 user3 | Disable-ADAccount -PassThru
Filed in: Columns, Tips and Tricks Tags: , ,

5 Responses to "#PSTip Disabling multiple AD user accounts"

  1. Agha says:

    What if your trying to disable multiple users from a list in a text file?

    • PowerShellMag says:

      No problem, assuming each name appears on a line of its own, read and pipe the content to the Disable-ADAccount cmdlet:

      Get-Content users.txt | Disable-ADAccount -PassThru

    • ShayLevy says:

      Another thing you can do:

      Get-ADUser -Filter {telephoneNumber -eq ’3011234′} | Disable-ADAccount

  2. matt says:

    This is great but what if i want to search based on telephone number (our staff ID numbers are stored in that field) and the boss often asks ‘disabe 3011234′ for example

Leave a Reply

Submit Comment

© 2014 PowerShell Magazine. All rights reserved. XHTML / CSS Valid.
Proudly designed by Theme Junkie.
%d bloggers like this: