AD Accounts Disabled/Enabled Query

Hi powershell.com,

I'm trying to create a list of users with their account expiration date and the status of the account (either Disabled OR Enabled) but I'm missing a necessary filter.

Scouring the web, I've found how to return one or the other, but not both - and most search results regarding PS return password-related results, which are irrelevant for this query.

To clarify, I'd like a list of all AD user objects, their account expiration date, and their account status (either disabled or enabled - listed next to the user account name in the csv output).  I've gotten everything except the account disabled/enabled field using the following:

Get-ADUser -Filter * -Properties AccountExpirationDate | Select Name,SamAccountName,AccountExpirationDate | export-csv -NoTypeInformation "c:\ADusers.csv" 

 

 

  • The property you're looking for is"Enabled" simply add that to the properties parameter on get-aduser and your select statement and that should give you what you need.
  • Thanks Peter - I was under the impression that would give me a list of only enabled users.

     

    I appreciate the response.

  • According to the help for the -Properties parameter (Get-Help Get-ADUser -Parameter properties)

    "Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set."

    Any property for a user object that you wish to include in your output that is not included in the default set of properties can be assigned to this parameter, therefore it's only for data retrieval purposes, not data filtering.

    If you were looking to filter by Enabled users, you would do something like this:

    Get-ADUser -Filter * -Properties Enabled | Where-Object {$_.Enabled -eq $True}

     

  • Get-ADUser -Filter {Enabled -eq $true}

  • Bob McCoy said:

    Get-ADUser -Filter {Enabled -eq $true}

    Yep.  Filter left, format right.

  • This helped a lot.   I was able to run two separate queries, one for disabled users - one for enabled users and merged the results in a workbook.

    Here's what I did so you can check my work.  Let me know if there was a better way to perform this task:

    Get-ADUser -Filter * -Properties AccountExpirationDate, Enabled | Where-Object {$_.Enabled -eq $True} | export-csv -NoTypeInformation "c:\ADt.csv"

    Get-ADUser -Filter * -Properties AccountExpirationDate, Enabled | Where-Object {$_.Enabled -eq $False} | export-csv -NoTypeInformation "c:\ADf.csv"

    There were also several other domains I needed to run the script against, so I used the -Server switch with the DC information, but I had to run both queries again, obviously.

    Many thanks for the quick replies everyone!

     

     

     

  • If you're just merging the two results, why filter on Enabled at all?

     

    Get-ADUser -Filter * -Properties AccountExpirationDate,Enabled | Sort Enabled | Export-Csv c:\ad.csv -NoTypeInformation

     

  • This is exactly what I was looking for - I'm still green with PS so I didn't realize leaving that filter off would return both disabled and enabled.

    Thanks Martin!