# encoding: ascii # api: powershell # title: disabled AD accounts # description: Retrieves from a list of SamAccountName (txtfile) the accounts that are disabled in a forest. # version: 0.1 # author: Cisco # license: CC0 # x-poshcode-id: 3600 # x-archived: 2012-09-05T09:19:16 # x-published: 2012-08-29T03:57:00 # # Memory optimization have been made so Ram doesn’t keep increasing # Script requires Quest Active Directory Snap-in # #Get Domain List $objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() $DomainList = @($objForest.Domains | Select-Object Name) $Domains = $DomainList | foreach {$_.Name} #get users list $users = Get-Content U:\EMCU15FI3_USER.txt $total = $users.count "SAMaccountname;DisplayName;HomeDir;Domain" | Out-File -FilePath test.txt foreach($Domain in $Domains){ $i=0 foreach($user in $users) { # serializevalue parameter is used to inly get the properties needed so variable doesn't use too much RAM. $b = Get-QADUser -SamAccountName $user -SizeLimit 0 -Disabled -DontUseDefaultIncludedProperties -IncludedProperties NTAccountName, DisplayName, HomeDirectory, userprincipalname -SerializeValues $storing = $b.sAMAccountName + ";" + $b.displayName + ";" + $b.homeDirectory + ";" +$domain if ($storing.StartsWith(";")) { } else{ $storing | Out-File -FilePath test.txt -append } $storing=$null $b=$null #free up the garbage collect (empties unused variables) [System.GC]::Collect() $i++; Write-Progress -Activity "Searching disabled accounts in $domain" -Status "Progress:" -PercentComplete $($i*100/$total) } }