A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Remove all disabled user from an Active Directory Group with Power Shell using Quest Active Roles AD Management

The following code snippet which I ran through PowerShell ISE (learn how to get it on Windows Server) will remove all disabled users from a particular group.  Useful for the end of year / start of year clean up in a school environment.

You will need the ActiveRoles Management Shell for Active Directory, available by clicking here which were made by Quest Software, now DELL.

Add-PSSnapin Quest.ActiveRoles.ADManagement

Get-QADGroup -SearchRoot "" | Foreach-Object {
     $group = $_
     Get-QADGroupMember -Identity $group -Disabled -Type User | Foreach-Object{
         Write-Host "Removing '$($_.Name)' from group '$group'" -Foreground Green
         Remove-QADGroupMember -Identity $group -Member $_ 
     }
 }

Swap out with a distinguished name of the group you want to remove disabled users from.  Once you execute it, it will run through the group and remove any user objects that are disabled.

Leave a Reply

More Posts

Applying inherit rights (inheritable) for permissions to a large number of Active Directory objects

I was recently involved in a project to help secure a School’s Active Directory environment.  After sitting down and planning what we wanted to achieve in terms of account security we went to work.  After setting up all of the IT based security groups and assigning and delegating the appropriate rights and permissions we found […]

Activating Windows 8.1 clients on a KMS Host running Windows Server 2008 R2

I was recently helping out a friend who had a KMS server activating their Windows 7 machines but when they started moving their fleet to Windows 8.1 they saw they couldn’t install the KMS Host product key for Windows 8.1 recieving the following error: 0xc004f015: The Software Licensing Service reported that the license is not […]

Wireless Projection / Miracast option disappears from Microsoft Surface Pro 3 / Windows 8.1 after joining a Active Directory Domain

We recently deployed some Microsoft Surface Pro 3s (love these devices) for our Executive team along with some new equipment in meeting / board rooms with Wireless Display capabilities. During testing with my personal SP3 (not domain joined) the wireless display worked a treat, so I expected it to work fine on the ones we […]