To find disabled User Accounts and Computer Accounts

Updated: Feb 13

Article No :: KB00003



Below LDAP query will show you all of the disabled user accounts and computer accounts in an active directory environment.

Please follow below steps to export the details.

1. Open Active Directory Users and Computers

2. Right-Click “Saved Queries” > New > Query

3. Type a name: eg “Disabled Users”Click “Define Query”

4. Choose the “Custom Search” from FIND section.

5. Then click on the “Advanced” Tab.

6. Now, paste the below command in the "Enter LDAP Query:" field and click OK.

=============================================================

(|(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=2)))

=============================================================

7. Now, underneath the “Saved Queries” section in ADUC you will see the query you just made. Click it to see the disabled users at the moment.



Another Way to get the result.


Login to Domain controller and open PowerShell or CMD. Now, run the below DSQUERY command to find the disabled Users and computer accounts from Active Directory environment. This will show the result in the console window itself. 


dsquery * domainroot -filter "(|(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=2)))" -attr displayName,sAMAccountName userPrincipalName,ObjectClass


#DSQuery #LDAPQuery #DisabledUserAccount #DisabledComputerAccount #ActiveDirectory #FindDisabledObject #DisabledObject