Moving users to a disabled OU in Powershell. In this article, you will learn about OU management and how to use PowerShell scripts to create, move and delete organizational units in AD; link a Group Policy to an OU; and move computer and user accounts to another OU. A colleague has reached out to me to create a PowerShell script to do the following: The script would read the lastlogondate of an AD security group called âTemp Associatesâ, disable the accounts with lastlogondate > or = 29 days from current date and move to Disabled OU. My question: ***** Is there a way to move disabled user accounts in AD to a different OU (ie; Disabled Users) when the account status changed from enabled to disabled? The LastLogon and LastLogonTimeStamp attributes can help you to decide if an Active Directory user account or computer account is active or inactive.. Powershell to find inactive ⦠PowerShell ISE is the best tool for working with PowerShell ⦠Please let me know what you think: Description: In this article, I am going give powershell script examples to disable Active Directory user account by userâs samAccountName and DistinguishedName, disable AD Users from specific OU, and disable Bulk AD users from CSV file using powershell script.. You can disable an ad account by using the Active Directory powershell cmdlet Disable ⦠Active 2 years, 11 months ago. To help with that you can create an OU called Disabled Users then run a PowerShell script to move all people on your domain â who already have their account mark as disabled â to that OU, making easier for you to remove them later or get a visual report. How do I specify the OU for disabled users? Search for Disabled Users and Move to Disabled Ou using PowerShell. âDear PowerShellâ¦â You had me at PowerShell⦠ð Incidentally starting any email with PowerShell is a good way to get my attention. In this blog we see how to find disable and inactive Active Directory user and computer accounts and move them to different OU.. I have added the âWhatIfâ option by default . Created this script to search a âOUâ for disabled users and move them to a different ou . Each AD domain can have its own organizational unit hierarchy. I'm trying to create a powershell script that can create a new OU with the current date (dd-MM-yyyy), disable users from a text file and then move them to the newly created OU. Use the -whatif switch on the Disable-ADAccount and Move-ADObject commandlets, those are the only ones that change anything. So far I have gotten everything but the move to work. That is already included in the script: I have tried to work with this code for a while and the logic seems sound to me. Powershell to Find and Move Inactive AD Users to Different OU. You can also drag and drop people who left to that Disabled Users OU ⦠The script is suppose to: find user account(s) past expiration date; disable the user account(s) move account(s) to a specific OU; clear the user group membership, all but three ⦠2. When there are many user objects in the directory, that's is a bit of a waste. Once you run the script it will prompt for âSearch OUâ and âTarget OUâ . Thanks. I have completed the MA rule extension code to take care of the enabling/disabling of the user accounts in AD. I would prefer letting the server side filter the ⦠Additionally, you may also get help from Active Directory Cleaner to schedule and automate the tasks of setting password, disabling, moving or ⦠Viewed 2k times 0. Ask Question Asked 2 years, 11 months ago. I am trying to move my disabled users to the proper OU in AD. While you can do Get-ADUser -Filter * and then filter out the accounts on the client side, this transfers all user objects from the AD through the wire every time, but you immediately discard 99% of them. Thanks!