Disable multiple users via powershell


I have a bit of a problem getting a hang of using powershell.

I have a list of over 500 users in a active directory that need to be disabled.

All of them do not have normal user log on names but pre 2000 user log on names.

I have created a list in excel that is comma separated.

What command do I need to enter in powershell to disable the users from my list.

( I can also save my excel file as csv. file )

Sorry for my bad english and thanks in advance.

  • what do you mean by this?

    "All of them do not have normal user log on names but pre 2000 user log on names."

    Do you mean UPN (username@domainname.com) vs Legacy WinNT (NetBIOS) Name (domain\username)?

    Ether way, the SamAccountName associated with the UPN, should be the same layout as the Legacy WinNT name. A simple string of 1 - 20 characters. So, you'd just use that short name for both use cases.

    Either way this is a PoSH 100 question, that you an easily get up to speed on by looking at a quick YouTube video or MS Virtual Academy session, first before trying this for real.

    XLS and CSV are treated the same way when importing that data in to PoSH.

    So, you can use any sample AD script on user management to do this. Directly from the built-in PoSH help files, from the MS powershellgallery.com or just fire up the ADAC, click through one scenario and save off the PowerShell code auto-created for you that you can then tweak as needed.

    Introduction to Active Directory Administrative Center Enhancements (Level 100)

    Step-By-Step: Utilizing PowerShell History Viewer in Windows Server 2012 R2

    Use Active Directory Administrative Center to Create PowerShell Commands in Windows Server 2012

    PowerShell Script to Automatically Disable Users from CSV

    The Following script will disable a specified user, log their current group membership, move them to a specified container, remove them from their groups except Domain Users and hide the user in the GAL.



    Though this last one talks about an add-on module, you can do this without it.

    It's really as simple as this...

    Get-Help -Name Import-csv -Examples

    Get-Help -Name Disable-ADAccount -Examples

        Import-Module activedirectory
        $list = Import-CSV c:\scripts\disableusers.csv

        forEach ($item in $list)
            $AccountName = $item.Name
            Disable-ADAccount -Identity $AccountName -WhatIf

    Or even this.

        (Import-CSV c:\scripts\disableusers.csv) | %{Disable-ADAccount -Identity $_.Name -WhatIf}

    Of course you'll want to do some error handing in here to be sure you don't hurt anything else.

    That -WhatIF means show what will happen but don't do anything.