#PSTip Disabling multiple AD user accounts

Note: This tip requires PowerShell 2.0 or above.

The Disable-ADAccount cmdlet disables an Active Directory user, computer, or service account. When you need to disable multiple accounts you might find yourself trying something obvious like:

PS> Disable-ADAccount -Identity user1,user2,user3

But that doesn’t work and yields an error. The Identity parameter doesn’t accept multiple values.  The typical solution is to use the services of the ForEach-Object cmdlet and pass one account at a time:

echo user1 user2 user3 | ForEach-Object {
   Disable-ADAccount -Identity $_
}

Fortunately there’s a better and easy way to do that by simply piping the values directly to Disable-ADAccount. By default, Disable-ADAccount does not generate any output. Add the -PassThru switch if you want to see the modified object(s).

echo user1 user2 user3 | Disable-ADAccount -PassThru
Share on: