RAI3602_0001: Block domain user account via Powershell

Summary

ID	RAI3602_0001
Brief Description	Block user accounts using the Disable-ADAccount cmdlet
Author	@SEC
Creation Date	2023/05/18
Modification Date	2023/05/18
Requirements	software
Tags	Powershell Windows Active Directory
References	https://blog.netwrix.com/2018/07/30/how-to-lock-unlock-enable-and-disable-ad-accounts-with-powershell/
Means of action	Windows PowerShell cpe:2.3:a:microsoft:powershell:5.0:*:*:*:*:*:*:*
Targets of action	MS Server 2019 with Active Directory role cpe:2.3:a:microsoft:active_directory:-:*:*:*:*:*:*:*
Linked Response Actions	Block User Account

Description

You can easily disable user accounts using the Disable-ADAccount cmdlet. Use the -Identity parameter to specify which account to disable; you can supply its distinguished name, security identifier (SID), globally unique identifier (GUID) or Security Account Manager (SAM) account name: Disable-ADAccount -Identity <DOMAIN_USER>

Verify that everything was successful by requesting accounts information: Search-ADAccount -AccountDisabled | Select-Object Name, SamAccountName