cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

How to list the disabled accounts and in which groups they are.

ADumith
Iron Contributor

‎Apr 19 2023 07:30 AM

‎Apr 19 2023 07:30 AM

How to list the disabled accounts and in which groups they are.

Hello guys,

I have the following script, my goal is to list all user accounts that are not enabled and in which group they are.

 

Get-ADUSer -SearchBase "DC=mydomain,DC=net" -Filter {enabled -eq $False} -Properties * | Select-Object givevname, sn, displayname,gr,memberof

 

The script runs but the result is not as expected, any ideas?

 

Thanks,

Labels:
4,108 Views
0 Likes
7 Replies
Reply
7 Replies
eliekarkafy

‎Apr 19 2023 07:41 AM

‎Apr 19 2023 07:41 AM

Re: How to list the disabled accounts and in which groups they are.

@ADumith please try the below script 

 

# Connect to Azure AD
Connect-AzureAD

# Get all disabled user accounts
$disabledUsers = Get-AzureADUser -Filter "AccountEnabled eq false"

# Loop through each disabled user account
foreach ($user in $disabledUsers) {
# Get the user's group membership
$groupMembership = Get-AzureADUserMembership -ObjectId $user.ObjectId
$groupNames = $groupMembership | ForEach-Object { $_.DisplayName }

# Print the user's name and group membership
Write-Host "User: $($user.DisplayName)"
Write-Host "Groups: $($groupNames -join ', ')"
Write-Host ""
}

 

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

0 Likes
Reply
ADumith

‎Apr 19 2023 07:48 AM - edited ‎Apr 19 2023 07:53 AM

‎Apr 19 2023 07:48 AM - edited ‎Apr 19 2023 07:53 AM

Re: How to list the disabled accounts and in which groups they are.

Hello @eliekarkafy,

Sorry I forgot to mention that my AD is on-prem, so I wonder this script won't work.

 

There is a way to pull out only the users that are in any group? because I just realize that the script will provide all the users and I'm looking that thought they are not enabled they are still in some group. 


Thank you in advance,

0 Likes
Reply
eliekarkafy

‎Apr 19 2023 08:24 AM

‎Apr 19 2023 08:24 AM

Re: How to list the disabled accounts and in which groups they are.

@ADumith please use the below script , i added to it to export to csv file 

 

Get-ADUser -Filter {(Enabled -eq $false)} -Properties MemberOf | Select-Object Name, MemberOf | Export-CSV -Path "C:\DisabledUsers.csv" -NoTypeInformation

 

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

1 Like
Reply
ADumith

‎Apr 19 2023 09:13 AM

‎Apr 19 2023 09:13 AM

Re: How to list the disabled accounts and in which groups they are.

Hello,

I think something is wrong because all the user has the same Group which is Microsoft.ActiveDirectory.Management.ADPropertyValueCollection

Any ideas?

Thank you in advance,
0 Likes
Reply
best response confirmed by ADumith (Iron Contributor)
Andres Bohren

‎Apr 19 2023 03:04 PM

‎Apr 19 2023 03:04 PM

Solution

Re: How to list the disabled accounts and in which groups they are.

@ADumith @eliekarkafy 

 

The Approach from @eliekarkafy  works fine.

 

$DisabledUsers = Get-ADUser -Filter {(Enabled -eq $false)} -Properties MemberOf | Select-Object Name, MemberOf
Foreach ($User in $DisabledUsers)
{
Write-Host "Username: $($User.Name)"
Foreach ($Group in $user.MemberOf)
{
Write-Host "Group: $Group"
}
}

 

Regards

Andres

1 Like
Reply
ADumith

‎Apr 20 2023 06:41 AM

‎Apr 20 2023 06:41 AM

Re: How to list the disabled accounts and in which groups they are.

Thank you Andres,

How can I export that into a Excel file?

Thank you in advance.
0 Likes
Reply
eliekarkafy

‎Apr 20 2023 06:46 AM

‎Apr 20 2023 06:46 AM

Re: How to list the disabled accounts and in which groups they are.

Export-CSV -Path "C:\DisabledUsers.csv" -NoTypeInformation
0 Likes
Reply