There may be times you need to find or report on disabled Active Directory user accounts. It’s best practice to do regular maintenance on AD objects and remove disabled or inactive objects (after verifying they are no longer needed of course). In this post, I will walk through three methods for finding disabled user accounts.
Method 1: Find Common Queries
1. Open Active Directory Users and Computer
2. Click the find objects button
3. In the Find Common Queries window, select “Common Queries” from the Find drop down and “Entire Directory” from the In: drop down. Check the box “Disabled accounts”
Once you have selected the above settings and clicked “Find Now” you will have a list of all the disabled accounts. Easy, right?
Method 2: Saved Queries
The saved queries in Active Directory Users and Computers can be used to create simple and complex LDAP search filters.
1. Open Active Directory Users and Computers
2. Right click Saved Queries and select New Query
3. Give the query a name then click the Define Query button. I named my query Disabled Users.
4. On the Find Common Queries box click the Disable Accounts box and click ok.
5. The query string box should now be populated with the LDAP syntax. Click OK
6. Click on the Disabled Users query under Saved Queries. You should now see all the disabled accounts.
Now every time you open AD you will have this saved query so you can quickly find disabled accounts.
Comments
Post a Comment
If you any doubt , Please let me know