Active Directory Find Disabled Computers

Knowing about old and stale objects in your Active Directory computers in your network are running is important.  You may want to take actions on these objects such as move them to a special OU or delete them after a time.  An Active Directory finds disabled computers report can be a handy way to accomplish this goal.

Active Directory Find Disabled Computers in PowerShell

When you run the following script on your server, it will fetch disabled computers for a particular domain. With a little bit of effort, you could do this for multiple domains, export this to a CSV, HTML file, or send it in an email.

Method #1


import-module activedirectory
Get-Adobject -LDAPFilter "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))"

Method #2:


import-module activedirectory
Get-AdComputer -Filter {(Enabled -eq $False)}

You might also want to use a service account (“-Credentials” on your PowerShell commands) to keep things more secure. There are several other methods that don’t require RSAT (and the “activedirectory” module) but these are the most convenient techniques to start.

Web Active Directory’s PeopleAudit

Web Active Directory’s PeopleAudit allows you to run a report like this on demand or delegate it safely for others in your organization to run via their web browser. Users can filter and sort the results on the fly, and with a single button press print the results or export to your clipboard, PDF, Excel, or CSV.

Safely and securely specify the service account to use to perform the reporting tasks.  Customize the report results and filters without scripting or coding.

You can also schedule these reports to be delivered to you or others in your organization via emails that you can configure.