Forum Discussion

ADumith's avatar
ADumith
Iron Contributor
Apr 19, 2023
Solved

How to list the disabled accounts and in which groups they are.

Hello guys,

I have the following script, my goal is to list all user accounts that are not enabled and in which group they are.

 

Get-ADUSer -SearchBase "DC=mydomain,DC=net" -Filter {enabled -eq $False} -Properties * | Select-Object givevname, sn, displayname,gr,memberof

 

The script runs but the result is not as expected, any ideas?

 

Thanks,

Windows PowerShell
  • Andres-Bohren's avatar
    Andres-Bohren
    Apr 19, 2023

    ADumith eliekarkafy 

     

    The Approach from eliekarkafy  works fine.

     

    $DisabledUsers = Get-ADUser -Filter {(Enabled -eq $false)} -Properties MemberOf | Select-Object Name, MemberOf
    Foreach ($User in $DisabledUsers)
    {
    Write-Host "Username: $($User.Name)"
    Foreach ($Group in $user.MemberOf)
    {
    Write-Host "Group: $Group"
    }
    }

     

    Regards

    Andres

  • eliekarkafy's avatar
    eliekarkafy
    MVP
    Apr 19, 2023

    ADumith please try the below script 

     

    # Connect to Azure AD
    Connect-AzureAD

    # Get all disabled user accounts
    $disabledUsers = Get-AzureADUser -Filter "AccountEnabled eq false"

    # Loop through each disabled user account
    foreach ($user in $disabledUsers) {
    # Get the user's group membership
    $groupMembership = Get-AzureADUserMembership -ObjectId $user.ObjectId
    $groupNames = $groupMembership | ForEach-Object { $_.DisplayName }

    # Print the user's name and group membership
    Write-Host "User: $($user.DisplayName)"
    Write-Host "Groups: $($groupNames -join ', ')"
    Write-Host ""
    }

     

    Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

    • ADumith's avatar
      ADumith
      Iron Contributor
      Apr 19, 2023

      Hello eliekarkafy,

      Sorry I forgot to mention that my AD is on-prem, so I wonder this script won't work.

       

      There is a way to pull out only the users that are in any group? because I just realize that the script will provide all the users and I'm looking that thought they are not enabled they are still in some group. 


      Thank you in advance,

      • eliekarkafy's avatar
        eliekarkafy
        MVP
        Apr 19, 2023

        ADumith please use the below script , i added to it to export to csv file 

         

        Get-ADUser -Filter {(Enabled -eq $false)} -Properties MemberOf | Select-Object Name, MemberOf | Export-CSV -Path "C:\DisabledUsers.csv" -NoTypeInformation

         

        Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

Resources