Quickly Disable All Accounts in an Active Directory OU

In case you need to disable a particular user or computer account in Active Directory, you can use Disable-ADAccount PowerShell cmdlet as shown in the command below:

  • Disable-ADAccount -Identity “CN=Nick, OU=TempUsers, DC=Test, DC=Local”

Above command disables only one user account named “Nick”. In case you need to disable all user accounts in an OU, you are going to use two PowerShell cmdlets; Get-ADUser and DisableADAccount as specified in the command below:

Get-ADUser -Filter “Name -like “*” -SearchBase “OU=TempUsers,DC=Test, DC=Local” | Disable-ADAccount

First command gets the list of user accounts in OU TempUsers and second command disables the account.

About Nirmal Sharma

Nirmal is a MCSEx3, MCITP and was awarded Microsoft MVP award in Directory Services and Windows Networking. He is specialized in Directory Services, Failover cluster, Hyper-V, System Center, Windows Azure, and Exchange Servers and has been involved in Microsoft Technologies since 1994. In his spare time, he offers technical help by writing tips and articles on several web sites. Nirmal can be reached at [email protected].

2 thoughts on “Quickly Disable All Accounts in an Active Directory OU”

  1. Running your initial command didn’t work with the parameters you chose.
    This is what I used instead: Get-ADUser -Filter * -SearchBase “OU=TempUsers,DC=Test, DC=Local” -SearchScope Subtree | Disable-ADAccount

    1. Does this script:
      Get-ADUser -Filter * -SearchBase “OU=TempUsers,DC=Test, DC=Local” -SearchScope Subtree | Disable-ADAccount

      Disable ALL users in 1 certain OU?

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top