How to disable an Active Directory computer account using PowerShell
This article compares the procedure of disabling Active Directory computer account using PowerShell and ADManager Plus, web-based Active Directory, Office 365 and Exchange management and reporting tool. It also demonstrates how ADManager Plus does it easily with just mouser-clicks as against the complex PowerShell scripts.
Steps to disable an AD computer account using PowerShell.
- Ensure you have the necessary permissions to perform this action, and also to execute PowerShell scripts.
- Get the value for necessary attributes like the the sAMAccountName, distinguished name (DN), SID, or GUID, to uniquely identify the required account.
- Create the script using the Disable-ADAccount or Set-ADComputer cmdlet, and execute it in the PowerShell window.
A sample PowerShell script to get GPO list
Click to copy entire script
Disable-ADAccount -Identity "JohnS-1001"
Set-ADComputer -Identity "JohnS-1001' -Enabled $false
This script will disable the computer 'JohnS-1001'.
ADManager Plus offers purpose-built features for every type of AD object. For each object type, it offers an enable / disable option. For example, to disable a user account,
- Select the Enable/Disable Computers feature, located in User Management.
- Select the Disable option, the desired domain and the names of computer accounts to be disabled; you can even import the users list from a CSV file, and click Apply.
» Start 30-day Free Trial
Limitations of using PowerShell to disable an AD computer account
- You will not be able to disable AD accounts using PowerShell if you do not have sufficient permissions in AD. With ADManager Plus, users privileges in native AD or Exchange doesn't have to be elevated to enable AD accounts.
- If you wish to disable AD computers in bulk or use a CSV file to enable multiple AD accounts using PowerShell, the script has to be modified. With ADManager Plus though, as the import CSV option is built-in, you can use the disable computers feature to disable just one account or multiple accounts at once.
- You must know how to run the scripts from the PowerShell window. ADManager Plus is purely GUI-based, allowing you to perform all management and reporting actions with just mouse clicks from its web-based console.
- A minor error, like a misplaced hyphen, a typo in the LDAP names will lead to errors. As all actions in ADManager Plus are GUI-driven, there is no need to write scripts, eliminating the chances of errors.