System administrators often need to locate disabled user accounts in Active Directory Users and Computers (ADUC) for auditing, cleanup, or reactivation. ADUC offers built-in filters that simplify this process using the graphical interface. In this guide, you’ll learn step-by-step how to find and verify disabled accounts in Active Directory, complete with screenshots and tips.
Launch ADUC directly using the Run command 
Access ADUC from Start Menu 
Enable Advanced Features for deeper account access 
Open the Find dialog in ADUC 
Filtered results showing all disabled accounts
Step 1: Open Active Directory Users and Computers
- Press Windows + R to open the Run dialog.
- Type
dsa.mscand press Enter.
Alternative Method:
- Press Windows and type Active Directory Users and Computers.
- Select the app from the Start menu.
Step 2: Enable Advanced Features
- Click on the View menu in ADUC.
- Select Advanced Features to enable additional management tabs like Attribute Editor.
Step 3: Perform a Search for Disabled Users
- Right-click the container or domain where you want to search.
- Select Find… from the context menu.
- In the window, select the Common Queries tab.
- Set the In: field to the desired domain or container.
- Check the box for Disabled accounts.
- Click Find Now to display results.
Step 4: View and Confirm Account Properties
- Double-click any result to open user properties.
- Go to the Account tab and confirm that “Account is disabled” is checked.
Best Practices for Account Hygiene
- Use clear naming conventions for disabled accounts. Example:
JohnDoe.disabled - Add notes in the Description field explaining why the account was disabled.
- Conduct quarterly reviews of all disabled accounts for security hygiene.
Related Articles from MagnetClicks
- How to Add Users and Computers in AD
- How to Create Security Groups in AD
- Check Windows Activation Status
- Monitor Overheating Computers
External Resources
Frequently Asked Questions
How do I confirm if an account is disabled in AD?
Right-click the user account, go to Properties, and check the Account tab for “Account is disabled.”
What permissions do I need to search for disabled accounts?
You must have read access to the organizational unit (OU) and use the Advanced Features to search with filters.
Can I export the list of disabled accounts?
Yes. Use PowerShell or export from ADUC using dsquery or CSVDE tools for reporting.
Author: Waheed Burna with 15+ years of enterprise experience in Microsoft Active Directory, security operations, and infrastructure automation.
