Many organizations regularly look for inactive user accounts and disable them to improve security. But the fact is, disabled accounts can actually be a bigger threat because attackers can use them as back doors to gain access to IT systems like Microsoft Active Directory and Windows Server. When AD users have been disabled for a while, IT administrators tend to forget about them, but those accounts can be re-enabled and exploited by attackers. Therefore, it’s critical to know about all disabled user accounts in your Active Directory and, to harden the security of your IT environment, delete any that are no longer needed.

1. Open the PowerShell ISE → Run the following script, paying close attention to the properties used:

Import-Module ActiveDirectory   # provides Search-ADAccount
Search-ADAccount -AccountDisabled -UsersOnly -ResultPageSize 2000 -ResultSetSize $null |
    Select-Object SamAccountName, DistinguishedName |
    Export-Csv "C:\Temp\DisabledUsers.CSV" -NoTypeInformation

2. Open the file produced by the script in MS Excel.
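
The export above lists account names only. To decide which disabled accounts to delete, it helps to see how long each has been untouched and whether it still holds group memberships that would become usable if it were re-enabled. The following is an added example, not part of the original article; the function name Get-DisabledAccountReview, the 90-day threshold and the sample accounts are assumptions made for illustration.

```powershell
# Added example (not from the original article): classify disabled accounts
# for review. Function name and 90-day threshold are assumptions.
function Get-DisabledAccountReview {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int] $StaleAfterDays = 90,        # assumed retention window
        [datetime] $Now = (Get-Date)
    )
    process {
        # whenChanged is the object's last modification time; it approximates
        # the disable date only if nothing else touched the account afterwards.
        $days = if ($Account.whenChanged) {
            [int][math]::Floor(($Now - $Account.whenChanged).TotalDays)
        } else { $null }
        # Drop null entries so an account with no groups counts as zero.
        $groups = @($Account.MemberOf | Where-Object { $_ })
        if ($groups.Count -gt 0) { $review = 'Remove group memberships first' }
        elseif ($null -eq $days -or $days -ge $StaleAfterDays) { $review = 'Deletion candidate' }
        else { $review = 'Recently disabled, keep' }
        [pscustomobject]@{
            SamAccountName  = $Account.SamAccountName
            LastLogonDate   = $Account.LastLogonDate
            DaysSinceChange = $days
            GroupCount      = $groups.Count
            Review          = $review
        }
    }
}

# Constructed sample objects so the function can be tried without a domain.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe'; whenChanged = [datetime]'2023-11-02'
        LastLogonDate = [datetime]'2023-10-30'
        MemberOf = @('CN=Domain Admins,CN=Users,DC=example,DC=com') }
    [pscustomobject]@{ SamAccountName = 'asmith'; whenChanged = [datetime]'2023-12-01'
        LastLogonDate = [datetime]'2023-11-15'; MemberOf = @() }
    [pscustomobject]@{ SamAccountName = 'bwong'; whenChanged = [datetime]'2024-05-20'
        LastLogonDate = [datetime]'2024-05-10'; MemberOf = @() }
)
$sample | Get-DisabledAccountReview -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Search-ADAccount -AccountDisabled -UsersOnly |
#     Get-ADUser -Properties whenChanged, LastLogonDate, MemberOf |
#     Get-DisabledAccountReview | Export-Csv "C:\Temp\DisabledUsersReview.csv" -NoTypeInformation
```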
