Home > Uncategorized > Find disabled users with their group membership and remove them from their groups

Find disabled users with their group membership and remove them from their groups

December 30, 2013

To quickly see the disabled users and their group membership in your Active Directory you can use this Powershell command:

Get-ADUser -SearchBase “OU=OU1,DC=domain,DC=local” -Filter ‘enabled -ne $True’ -Properties memberof | ft samaccountname, MemberOf -auto

This script will prompt you for a searchbase (Like “OU=OU1,DC=lab2,DC=local”) and remove all disabled users from their groups:

$inputfromuser = Read-Host ‘Enter AD Searchbase ‘
if ($inputfromuser -like “”)
{
Write-Host “Input error”
}
else{

$Diableduser = Get-ADUser -SearchBase $inputfromuser -Filter ‘enabled -ne $True’ -Properties memberof
foreach ($user in $Diableduser)
{
foreach ($member in $user.MemberOf)
{
Write-Host “Removing” $user.SamAccountName “from” $member
Remove-ADGroupMember $member -Members $user.SamAccountName -Confirm:$false
}
}
}

Honorable mention for assisting on this script goes to Bjørn Wang

edit: Added script for membership removal

%d bloggers like this: