0

I've been trying to locate / write a script that displays all NON disabled accounts in an active directory group.

The closest I've come to a working script displays all members of a group but it also shows the disabled users.

Here's the non-filtered query.

dsquery group -name "admins" | dsget group -members -expand

Please help, -Rob

Rob
  • 211
  • 2
  • 4
  • 18
  • I just found this to filter all active members of a group. I don't know how to add the two commands together. If I even can. **dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"** – Rob May 08 '14 at 00:10

1 Answers1

1

Given that you tagged this with PowerShell, I will lean that direction with my answer. If you are have the ActiveDirectory module from the AD DS RSAT tools installed (using PowerShell 3.0 or greater here)

Get-ADGroupMember "CN=Group DN,OU=Group OU,DC=domain,DC=com" | ? ObjectClass -eq "User" | Get-ADUser | ? Enabled

If you want to recourse through nested groups, use the -Recursive parameter on the Get-ADGroupMember cmdlet.

Joseph Alcorn
  • 2,322
  • 17
  • 23