Announcement

Collapse
No announcement yet.

Disable or Enable user account via powershell script

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Disable or Enable user account via powershell script

    Hi,
    Looking for a script that enable or disable a user account via PowerShell v1

    the script should be given 2 parameters username and state (enable/disable)

    so far I have a little code that will search for the user in ldap

    Code:
    function get-dn ($SAMName)
    {
     	$root = [ADSI]''
     	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
    	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
    	$user = $searcher.findall()
    
    	if ($user.count -gt 1)
          {     
                $count = 0
                foreach($i in $user)
                { 
    			write-host $count ": " $i.path 
                      $count = $count + 1
                }
    
                $selection = Read-Host "Please select item: "
    
    return $user[$selection].path
    
          }
          else
          { 
    	  	return $user[0].path
          }
    }
    
    $Name = $args[0]
    $path = get-dn $Name
    "'" + $path + "'"
    your 2 cents will be mostly welcome...

  • #2
    Re: Disable or Enable user account via powershell script

    figured it out
    here is the code:

    Code:
     
    function get-dn ($SAMName)
    {
     	$root = [ADSI]''
     	$searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
    	$searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
    	$user = $searcher.findall()
    
    	if ($user.count -gt 1)
          {     
                $count = 0
                foreach($i in $user)
                { 
    			write-host $count ": " $i.path 
                      $count = $count + 1
                }
    
                $selection = Read-Host "Please select item: "
    
    return $user[$selection].path
    
          }
          else
          { 
    	  	return $user[0].path
          }
    }
    
    $Name = $args[0]
    $status = $args[1]
    $path = get-dn $Name
    "'" + $path + "'"  
    
    if ($status -match "enable") 
    	{
    		# Enable the account
    		$account=[ADSI]$path
    		$account.psbase.invokeset("AccountDisabled", "False")
    		$account.setinfo()
    	}
    else
    	{
    		# Disable the account
    		$account=[ADSI]$path
    		$account.psbase.invokeset("AccountDisabled", "True")
    		$account.setinfo()
    	}

    Comment


    • #3
      Re: Disable or Enable user account via powershell script

      Thanks for posting the corrected code.
      Server 2000 MCP
      Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Disable or Enable user account via powershell script

        I played around with this a little. I added some minor error checking in case no users are found, and added automatically hiding/showing in the Exchange Global Address List. Save it as Disable-User.ps1

        Code:
        # http://forums.petri.com/showthread.php?p=109975 
        # usage: Disable-User [accountname] [enable/disable]
        
        function get-dn ($SAMName)    {
            $root = [ADSI]''
             $searcher = new-object System.DirectoryServices.DirectorySearcher($root)
            $searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
            $user = $searcher.findall()
        
            if ($user.count -gt 1)      {     
                    $count = 0
                        foreach($i in $user)            { 
                    write-host $count ": " $i.path 
                            $count = $count + 1
                        }
        
                    $selection = Read-Host "Please select item: "
                return $user[$selection].path
        
                  }      else      { 
                  return $user[0].path
                  }
        }
        
        $Name = $args[0]
        $status = $args[1]
        $path = get-dn $Name
        
        if ($path -ne $null)    {
        
            "'" + $path + "'"  
            if ($status -match "enable")     {
                # Enable the account
                $account=[ADSI]$path
                $account.psbase.invokeset("AccountDisabled", "False")
                $account.setinfo()
                Set-Mailbox "$Name" -HiddenFromAddressListsEnabled $False
            }    else    {
                # Disable the account
                $account=[ADSI]$path
                $account.psbase.invokeset("AccountDisabled", "True")
                $account.setinfo()
                Set-Mailbox "$Name" -HiddenFromAddressListsEnabled $True
            }
        }    else    {
            write-host "No user account found!" -foregroundcolor white -backgroundcolor red
        }
        Originally posted by XtaZee View Post
        figured it out
        here is the code:

        Code:
         
        function get-dn ($SAMName)
        {
             $root = [ADSI]''
             $searcher = new-object     System.DirectoryServices.DirectorySearcher($root)
            $searcher.filter = "(&(objectClass=user)(sAMAccountName= $SAMName))"
            $user = $searcher.findall()
        
            if ($user.count -gt 1)
              {     
                    $count = 0
                    foreach($i in $user)
                    { 
                    write-host $count ": " $i.path 
                          $count = $count + 1
                    }
        
                    $selection = Read-Host "Please select item: "
        
        return $user[$selection].path
        
              }
              else
              { 
                  return $user[0].path
              }
        }
        
        $Name = $args[0]
        $status = $args[1]
        $path = get-dn $Name
        "'" + $path + "'"  
        
        if ($status -match "enable") 
            {
                # Enable the account
                $account=[ADSI]$path
                $account.psbase.invokeset("AccountDisabled", "False")
                $account.setinfo()
            }
        else
            {
                # Disable the account
                $account=[ADSI]$path
                $account.psbase.invokeset("AccountDisabled", "True")
                $account.setinfo()
            }
        Pat Richard
        Exchange MVP
        contributing author "Microsoft Exchange Server 2007: The Complete Reference"

        Comment


        • #5
          Re: Disable or Enable user account via powershell script

          Much respect Pat
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: Disable or Enable user account via powershell script

            I'd be willing to add more if anyone has requirements.
            Pat Richard
            Exchange MVP
            contributing author "Microsoft Exchange Server 2007: The Complete Reference"

            Comment


            • #7
              Re: Disable or Enable user account via powershell script

              This is exactly what i have been looking for. Is there any way to get it to read from a file? I have a list of about 40 users that i need to disable, and hide from Exchange in one fell swoop if possible. Having a script to do that would be ideal!!!

              Thanks much

              app

              Comment


              • #8
                Re: Disable or Enable user account via powershell script

                There is an easier way to do this using quest active roles tool for active directory if your organization is a windows domain. It is a free download for your use and very powerful: http://www.quest.com/powershell/activeroles-server.aspx

                This will need to be install wherever you are running your exchange tasks from. I run all this from my local system. I have powershell, quest active roles for powershell and the exchange managment console. Mostly everyone managing exchange 2007 already has 2 of these items installed.

                There are two scripts below. The top one asks you the samaccountname of the user and then takes that name hides it from the address list and disables the user. The second script imports a csv file using the samaccount names of the individuals then goes through each user setting their GAL setting and disabling. Enjoy!

                #Two Scripts- Contents of script between pound sign
                ################################################## ##############
                #Single User

                Add-PSSnapin Quest.ActiveRoles*
                Add-PSSnapin Microsoft.Exchange*

                $samaccountName = Read-Host "What is the shortname of the person you want to disable?"

                Set-Mailbox $samaccountName -HiddenFromAddressListsEnabled $true
                Disable-QADUser $samaccountName

                ################################################## ###############
                #CSV file for importing.
                #CSV file in the following format -Header Row !!!!!Make sure there are no empty carriage returns at the end of your csv otherwise it will throw an error
                #Name
                #John
                #Mike
                #Louie

                Add-PSSnapin Quest.ActiveRoles*
                Add-PSSnapin Microsoft.Exchange*

                Import-Csv C:\New.txt | foreach {
                Set-Mailbox $_.Name -HiddenFromAddressListsEnabled $true
                Disable-QADUser $_.Name
                }
                ################################################## ###############

                If you want to make either one of these a function simply wrap in a function like this:

                Function DisableUser ($samaccountname) {
                Enter either script here
                }

                The add-pssnapin is for adding those modules to powershell. If you launch powershell by start--programs--WindowsPowershell this works. If you launch the exchange powershell managment console it will not without an error.

                Viola....Enjoy!

                Comment


                • #9
                  Re: Disable or Enable user account via powershell script

                  amn a v.new user of powershell but the bellow solution is what i have actually been looking for. pls can any one help with the finished codes using a double domain structure and multiple users in an OU. cheers
                  Last edited by shiapi; 23rd December 2009, 15:09.

                  Comment

                  Working...
                  X