Recently, our security team detected suspicious activity involving approximately 200 accounts. They immediately engaged me to disable these accounts and requested that comments be added during the disable process to ensure the service desk team does not inadvertently re-enable them. To meet this requirement, we developed a lightweight script that automated the account disable action while inserting the necessary comments for tracking and control.
$listofuser = Get-content C:\Temp\user.txt
#$Comment = "Account disabled on 05-Dec-2025 by Admin IncNumber"
foreach ($usr in $listofuser) {
# Disable the account
Get-Aduser -Filter {UserPrincipalName -eq $usr} | Disable-ADAccount
# Update the description field
Get-Aduser -Filter {UserPrincipalName -eq $usr} | Set-ADUser -Description $Comment
# Get-Aduser -Filter {UserPrincipalName -eq $usr} -Properties Description |Select-Object Name,UserPrincipalName,Enabled,Description | Export-Csv C:\Temp\report.csv -NoTypeInformation -Encoding UTF8 -Append
# Write-Host "Account Disabled for the user $usr | $comment" -ForegroundColor Green
}
No comments:
Post a Comment