How to disable all accounts from an Organization Unit structure

Share this:

In some cases, the administrator must disable all accounts from a specific Organization Unit. We can approach this task from either Active Directory Users and Computers or using PowerShell.

Solution


The first method is the simpler one, which is using Active Directory Users and Computers, basically we select one or more users that we want to disable, right-click and then Disable Account, as depicted in the image below. It works fine when we have all users on the same OU, however in some cases we have tons of sub-OUs and that makes it difficult to disable a lot of users at the same time.

image

After asking to disable the account a dialog box will be displayed informing that all objects were disabled.

Screen Shot 2017-05-07 at 11.00.22 AM

Using PowerShell…

In case we have several Organization Units underneath and we want to disable all accounts, then the PowerShell is the best approach. Basically, we can start by listing all the users from any given OU using the following command line. Make sure to replace the SearchDN with your domain/OU location/information.

Get-ADUser –SearchBase “OU=OUName,dc=domain,dc=local” –Filter *

image

In order to disable the accounts, just add | Disable-ADAccount to the end and that will make sure that all accounts on all Organization Units are disabled.

Get-ADUser –SearchBase “OU=OUName,dc=domain,dc=local” –Filter * | Disable-ADAccount

Screen Shot 2017-05-07 at 10.58.31 AM

How do I find my distinguished name to enter on the SearchBase parameter?

You can create that path by knowing the location, but if you are not sure, there is an easy way. Using Active Directory User and Computers, click on View and then click on Advanced Features

image

After that, right click on the desired Organization Unit, click on Attribute Editor tab, and then double click on distinguishedName and copy the content being displayed on the dialog box.

image

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).

Related Post

How to configure an OU as default for new objects ... In this Tutorial we will configure an Organization Unit as new default location for new users. By default, all new objects created by Exchange for exa...
How to define an OU as default location for new Co... By default all computer objects are created under the Computers container and in this Tutorial we are going change (redirect) this default location to...
Configuring Tombstone Lifetime (TSL) period By default a tombstone lifetime is 180  days (it used to be 60 days on Windows Server 2003 R2), however we can change for any number that we like or m...
Auditing logon events with FortiGate How to enable Auditing on Active Directory. One of my customers was implementing web filtering using Active Directory with Fortigate firewall applianc...