abedinthehouse
Copper Contributor
Mar 29, 2023

Bulk Disable Azure AD Users

I am looking for a way to disable (not delete) 300 AzureAD users with the "AccountEnabled" field. I was able to find the script below from an older post but I keep getting an error. I'm new here and even newer to using Azure (& PowerShell as a whole) so not sure what I am missing exactly. Any and all help would be greatly appreciated! Thanks in advance 🙏🏽

$CSVrecords = Import-Csv C:\Users\Downloads\Test.csv

# Create arrays for skipped and failed users
$SkippedUsers = @()
$FailedUsers = @()

# Loop through CSV records
foreach ($CSVrecord in $CSVrecords) {
    $upn = $CSVrecord.UserPrincipalName
    $user = Get-AzureADUser -Filter "UserPrincipalName eq '$upn'"
    if ($user) {
        try {
            $user | Set-AzureADUser -AccountEnabled $CSVrecord.AccountEnabled
        } catch {
            $FailedUsers += $upn
            Write-Warning "$upn user found, but FAILED to deactivate."
        }
    }
    else {
        Write-Warning "$upn not found, skipped"
        $SkippedUsers += $upn
    }
}

The error I keep getting is "$upn user found, but FAILED to deactivate."

My CSVs have two fields, UserPrincipalName & AccountEnabled

 

I've even tried just swapping the line below for the one under it, but still get the same error.

SWAPPED THIS: $user | Set-AzureADUser -AccountEnabled $CSVrecord.AccountEnabled

FOR THIS: $user | Update-AzureADUser -AccountEnabled false

 

Original code from Manfred101

  • Kevin_Morgan
    Iron Contributor

    abedinthehouse

    The command to disable an Azure AD user is:

    Set-AzureADUser -ObjectID "user_upn_or_id" -AccountEnabled $false

    You can just change the line to the one below:

    Set-AzureADUser -ObjectID $user.ObjectId -AccountEnabled $false

    Refer to this post to update bulk Azure AD user attributes:

    https://morgantechspace.com/2022/03/update-bulk-azure-ad-user-attributes-using-powershell.html

     

    If you're interested in updating bulk Office 365 user profile information without using PowerShell, try the Office 365 Manager from Specmasoft. This tool helps you modify bulk M365 users using CSV, update licenses, add bulk members to groups, and more.

     

    Update Bulk Office 365 User Profile Information from CSV | Specmasoft Office 365 Manager

     

    • abedinthehouse
      Copper Contributor
      Thank you so much! This worked just perfectly with the ObjectId.

      Below is the final script I got working:

      # Get CSV content
      $CSVrecords = Import-Csv C:\Users\abedi\Downloads\MLNAccounts.csv

      # Create arrays for skipped and failed users
      $SkippedUsers = @()
      $FailedUsers = @()

      # Loop through CSV records
      foreach ($CSVrecord in $CSVrecords) {
          $ObjectID = $CSVrecord.ObjectID
          $user = Get-AzureADUser -ObjectID "$ObjectID"
          if ($user) {
              try {
                  $user | Set-AzureADUser -AccountEnabled $false
              } catch {
                  $FailedUsers += $ObjectID
                  Write-Warning "$ObjectID user found, but FAILED to deactivate."
              }
          }
          else {
              $SkippedUsers += $ObjectID
              Write-Warning "$ObjectID not found, skipped"
          }
      }
  • TheoM1285
    Copper Contributor
    You can deactivate an Azure/EntraID account by setting BlockCredential to "True". The easiest way to do this in bulk is simply to run a CSV export of the OU you want to suspend all users in (e.g. "Leavers") and then run the following script:

    import-csv "PATH_TO_CSV.csv" | foreach {
        Set-MsolUser -UserPrincipalName $_.userPrincipalName -BlockCredential $True
    }

    Works a treat for me and very straight-forward.
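
Added example, not code from any poster in this thread: a CSV-driven variant of the loop for the two-column layout in the question (UserPrincipalName, AccountEnabled). Import-Csv yields every field as a string while -AccountEnabled is a Boolean parameter, so the value is parsed before the call, and the real exception text is recorded instead of a fixed warning. It assumes the AzureAD module is loaded and Connect-AzureAD has already run; `$DryRun`, the sample rows and the output file name are constructed for illustration.

```powershell
# Added example. Assumes the AzureAD module is loaded and Connect-AzureAD has run.
# Constructed sample input; in practice use: $rows = Import-Csv <path to your CSV>
$rows = @'
UserPrincipalName,AccountEnabled
alice@example.com,FALSE
bob@example.com,false
carol@example.com,
'@ | ConvertFrom-Csv

$DryRun = $true   # hypothetical switch: set to $false to actually change accounts

$results = foreach ($row in $rows) {
    $upn = "$($row.UserPrincipalName)".Trim()
    $status = 'Unchanged'; $detail = ''
    $enabled = $false
    # CSV cells are strings; parse explicitly so "FALSE"/"false" become a real Boolean.
    if (-not $upn) {
        $status = 'Skipped'; $detail = 'empty UserPrincipalName'
    } elseif (-not [bool]::TryParse("$($row.AccountEnabled)".Trim(), [ref]$enabled)) {
        $status = 'Skipped'; $detail = "AccountEnabled '$($row.AccountEnabled)' is not true/false"
    } else {
        try {
            $escaped = $upn.Replace("'", "''")   # escape single quotes for the OData filter
            $user = Get-AzureADUser -Filter "UserPrincipalName eq '$escaped'" -ErrorAction Stop
            if (-not $user) {
                $status = 'NotFound'
            } elseif ($user.AccountEnabled -eq $enabled) {
                $status = 'AlreadySet'           # nothing to do, avoids a needless write
            } elseif ($DryRun) {
                $status = 'WouldChange'
            } else {
                Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $enabled -ErrorAction Stop
                $status = 'Changed'
            }
        } catch {
            # Keep the actual error so a failure can be diagnosed afterwards
            $status = 'Failed'; $detail = $_.Exception.Message
        }
    }
    [pscustomobject]@{ UserPrincipalName = $upn; Target = $enabled; Status = $status; Detail = $detail }
}

$results | Format-Table -AutoSize
$results | Where-Object Status -in 'Failed','Skipped','NotFound' |
    Export-Csv -Path .\disable-exceptions.csv -NoTypeInformation
```

Running it first with `$DryRun = $true` lists which accounts would change, and the exported file gives a record of rows that were skipped, not found or failed.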
