How to disable all accounts from an Organization Unit structure

Share this:

In some cases, the administrator must disable all accounts from a specific Organization Unit. We can approach this task from either Active Directory Users and Computers or using PowerShell.


The first method is the simpler one, which is using Active Directory Users and Computers, basically we select one or more users that we want to disable, right-click and then Disable Account, as depicted in the image below. It works fine when we have all users on the same OU, however in some cases we have tons of sub-OUs and that makes it difficult to disable a lot of users at the same time.


After asking to disable the account a dialog box will be displayed informing that all objects were disabled.

Screen Shot 2017-05-07 at 11.00.22 AM

Using PowerShell…

In case we have several Organization Units underneath and we want to disable all accounts, then the PowerShell is the best approach. Basically, we can start by listing all the users from any given OU using the following command line. Make sure to replace the SearchDN with your domain/OU location/information.

Get-ADUser –SearchBase “OU=OUName,dc=domain,dc=local” –Filter *


In order to disable the accounts, just add | Disable-ADAccount to the end and that will make sure that all accounts on all Organization Units are disabled.

Get-ADUser –SearchBase “OU=OUName,dc=domain,dc=local” –Filter * | Disable-ADAccount

Screen Shot 2017-05-07 at 10.58.31 AM

How do I find my distinguished name to enter on the SearchBase parameter?

You can create that path by knowing the location, but if you are not sure, there is an easy way. Using Active Directory User and Computers, click on View and then click on Advanced Features


After that, right click on the desired Organization Unit, click on Attribute Editor tab, and then double click on distinguishedName and copy the content being displayed on the dialog box.


Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

How to identify the replication technology in use ... Since Windows Server 2003 the SYSVOL replication which includes Group Policies, Scripts, and so forth has been done through FRS (File Replication Serv...
How to define an OU as default location for new Co... By default all computer objects are created under the Computers container and in this Tutorial we are going change (redirect) this default location to...
Configuring Tombstone Lifetime (TSL) period By default a tombstone lifetime is 180  days (it used to be 60 days on Windows Server 2003 R2), however we can change for any number that we like or m...
How to add the Active Directory Domain Services ro... In this Tutorial we are going over the process to add the Active Directory Domain Services role on a Windows Server 2012 R2. This procedure will be th...