How to search disabled accounts in Active Directory?

by | Dec 2, 2023 | Windows

search-disabled-ad-account
Last Updated:
System administrators often need to locate disabled user accounts in Active Directory Users and Computers (ADUC) for auditing, cleanup, or reactivation. ADUC offers built-in filters that simplify this process using the graphical interface. In this guide, you’ll learn step-by-step how to find and verify disabled accounts in Active Directory, complete with screenshots and tips.

Step 1: Open Active Directory Users and Computers

  • Press Windows + R to open the Run dialog.
  • Type dsa.msc and press Enter.
Launch ADUC via Run
Launch ADUC directly using the Run command

Alternative Method:

  • Press Windows and type Active Directory Users and Computers.
  • Select the app from the Start menu.
Launch ADUC from Start Menu
Access ADUC from Start Menu

Step 2: Enable Advanced Features

  • Click on the View menu in ADUC.
  • Select Advanced Features to enable additional management tabs like Attribute Editor.
Enable Advanced Features in ADUC
Enable Advanced Features for deeper account access

Step 3: Perform a Search for Disabled Users

  • Right-click the container or domain where you want to search.
  • Select Find… from the context menu.
Access Find dialog in ADUC
Open the Find dialog in ADUC
  • In the window, select the Common Queries tab.
  • Set the In: field to the desired domain or container.
  • Check the box for Disabled accounts.
  • Click Find Now to display results.
Search results for disabled user accounts
Filtered results showing all disabled accounts

Step 4: View and Confirm Account Properties

  • Double-click any result to open user properties.
  • Go to the Account tab and confirm that “Account is disabled” is checked.

Best Practices for Account Hygiene

  • Use clear naming conventions for disabled accounts. Example: JohnDoe.disabled
  • Add notes in the Description field explaining why the account was disabled.
  • Conduct quarterly reviews of all disabled accounts for security hygiene.

Related Articles from MagnetClicks

External Resources

Frequently Asked Questions

How do I confirm if an account is disabled in AD?

Right-click the user account, go to Properties, and check the Account tab for “Account is disabled.”

What permissions do I need to search for disabled accounts?

You must have read access to the organizational unit (OU) and use the Advanced Features to search with filters.

Can I export the list of disabled accounts?

Yes. Use PowerShell or export from ADUC using dsquery or CSVDE tools for reporting.

Author: Waheed Burna with 15+ years of enterprise experience in Microsoft Active Directory, security operations, and infrastructure automation.

Related Articles

How to Install Windows Server 2022

How to Install Windows Server 2022

Windows Server 2022 is Microsoft’s latest long-term servicing channel (LTSC) release. It delivers multi-layered security, Azure hybrid integration,...