Move Active Directory disabled users to a specific OU

Hello there,

The process of removing accounts in Active Directory usually starts with your Human Resources department telling you that such and such user has left the organization. The best thing to do is to disable the account first and keep it, let's say, for a month or so; after that period you can remove it. Disabling rather than deleting is the better practice because a disabled account keeps its SID and group memberships, so if the employee returns for some reason during that period you can quickly re-enable it, whereas a deleted account's SID and permissions are gone for good.

If you follow this process you will end up with disabled users scattered across different OUs. To keep them together, create an OU called Disabled Users and run a PowerShell script that moves every user in your domain whose account is already marked as disabled into that OU. That makes it easier to remove them later or to get a visual report. You can also drag and drop people who left into the Disabled Users OU and let the script disable them for you. In other words, the script below does two things: it moves all disabled users into the Disabled Users OU, and it disables any user who is in that OU but is still enabled.

# Import the AD Module
Import-Module ActiveDirectory

# List all user accounts which are already disabled on your AD
# (-UsersOnly leaves computer accounts out; without it, disabled computers would be moved too)
Search-ADAccount -AccountDisabled -UsersOnly | Select-Object Name, DistinguishedName

# Move all disabled AD users from other OUs to the Disabled Users OU.
# The -notlike test skips users who are already there, so the script can be re-run safely.
# The SID test skips the built-in accounts that are disabled by default
# (RID 501 Guest, 502 krbtgt, 503 DefaultAccount), which must stay in CN=Users.
Search-ADAccount -AccountDisabled -UsersOnly | Where-Object {$_.DistinguishedName -notlike "*OU=Disabled Users*" -and $_.SID.Value -notmatch '-(501|502|503)$'} | Move-ADObject -TargetPath "OU=Disabled Users,OU=losangeles,DC=world,DC=com"

# Now, disable all users in the Disabled Users OU that are still enabled
# (anyone dragged there by hand); users that are already disabled are not touched
Get-ADUser -Filter 'Enabled -eq $true' -SearchBase "OU=Disabled Users,OU=losangeles,DC=world,DC=com" | Disable-ADAccount
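Below is an added example, my own code rather than the script from the original post, that does the same two things but adds the checks a scheduled run needs: it only touches user objects under a given search base, skips the built-in accounts (Administrator, Guest, krbtgt, DefaultAccount) by well-known RID, skips objects protected from accidental deletion instead of failing on them, stamps the date of disabling into the Description attribute once so that re-running the script does not reset the retention clock, supports a dry run through -WhatIf, and reports (without deleting) the accounts whose retention period has elapsed. The OU paths, the 30-day retention period and the use of the Description attribute for the date stamp are assumptions; adapt them to your domain.

```powershell
Import-Module ActiveDirectory

# Assumed OU paths and retention period; change them for your domain.
$SearchBase    = 'OU=losangeles,DC=world,DC=com'
$DisabledOU    = 'OU=Disabled Users,OU=losangeles,DC=world,DC=com'
$RetentionDays = 30
$DryRun        = $true   # set to $false to actually move/disable accounts

# Fail early if the target OU is mistyped; Move-ADObject would otherwise fail once per user.
$null = Get-ADOrganizationalUnit -Identity $DisabledOU -ErrorAction Stop

$stamp = 'Disabled on {0:yyyy-MM-dd}' -f (Get-Date)

# Built-in accounts are recognised by well-known RID rather than by name (names can be changed):
# 500 Administrator, 501 Guest, 502 krbtgt, 503 DefaultAccount. Guest, krbtgt and
# DefaultAccount are disabled by default and must stay in CN=Users.
function Test-BuiltInAccount {
    param([Security.Principal.SecurityIdentifier]$Sid)
    return $Sid.Value -match '-(500|501|502|503)$'
}

# Parse the date written by an earlier run out of the description, or return $null.
function Get-DisabledDate {
    param([string]$Description)
    if ($Description -match '^Disabled on (\d{4}-\d{2}-\d{2})') {
        return [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', $null)
    }
    return $null
}

# 1. Move disabled users that are not yet in the Disabled Users OU
foreach ($acct in Search-ADAccount -AccountDisabled -UsersOnly -SearchBase $SearchBase) {
    if (Test-BuiltInAccount $acct.SID) { continue }
    if ($acct.DistinguishedName -like "*,$DisabledOU") { continue }   # already there

    $user = Get-ADUser -Identity $acct.DistinguishedName -Properties Description, ProtectedFromAccidentalDeletion
    if ($user.ProtectedFromAccidentalDeletion) {
        # The protection denies Delete on the object, and a move needs Delete on the source; skip rather than fail
        Write-Warning "$($user.SamAccountName) is protected from accidental deletion; not moved"
        continue
    }

    # Stamp the date only once, so re-running the script does not reset the retention clock
    if (-not (Get-DisabledDate $user.Description)) {
        Set-ADUser -Identity $user -Description $stamp -WhatIf:$DryRun
    }
    Move-ADObject -Identity $user -TargetPath $DisabledOU -WhatIf:$DryRun
}

# 2. Disable users dragged into the OU by hand while still enabled
foreach ($user in Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $DisabledOU -Properties Description) {
    Disable-ADAccount -Identity $user -WhatIf:$DryRun
    if (-not (Get-DisabledDate $user.Description)) {
        Set-ADUser -Identity $user -Description $stamp -WhatIf:$DryRun
    }
}

# 3. Report, without deleting, the accounts whose retention period has elapsed
$cutoff = (Get-Date).AddDays(-$RetentionDays)
Get-ADUser -Filter '*' -SearchBase $DisabledOU -Properties Description |
    Where-Object { $d = Get-DisabledDate $_.Description; $d -and $d -lt $cutoff } |
    Select-Object SamAccountName, Description, DistinguishedName
```

Run it once with $DryRun left at $true and read the -WhatIf output before switching it off; the final report is the list of accounts you can hand back to HR for confirmation before deleting anything. Deletion is deliberately left manual, since the point of the retention period is that someone looks at the list first.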



Our company offers IT consulting and support services. If you like this article and want to get a quote related to our services, contact us at https://www.sepetra.com/contact-us
