User and computer domain accounts that haven’t been used in a long time must be disabled by an Active Directory administrator on a regular basis. Even if the user knows the account’s password and it hasn’t expired, disabled accounts can’t log in to the domain.
The Active Directory Users & Computers graphical snap-in can be used to disable a user or machine account in Active Directory (ADUC). To do so, locate the user account in the console, right-click it, and choose Disable Account from the menu.

Or you can open the user’s properties and enable the “Account is disabled” option in the “Account options” section on the “Account” tab.

The PowerShell cmdlet Disable-ADAccount can also be used to disable the Active Directory account.
Install Active Directory for Windows PowerShell and use the command to import it into the PS session:
Import-Module ActiveDirectory
In order to disable the jbrion user account, run the command:
Disable-ADAccount -Identity jbrion

In order to prompt the account disabling confirmation, you can add the –Confirm parameter.
Check that the account is disabled now (Enabled = False):
Get-ADUser jbrion |select name,enabled

The Disable-ADAccount cmdlet can be used to disable a domain computer as well as a user or service account. As a -Identity argument, you can specify the following AD object parameters:
- Distinguished Name;
- GUID (objectGUID);
- objectSid;.
Hint. To enable an account, use the command:
Get-ADUser jbrion | Enable-ADAccount
To disable all computer accounts in a specific OU:
Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Laptops,OU=NY,OU=USA,DC=solutionviews,DC=com" | Disable-ADAccount
To find all disabled computer accounts in the domain, use the command:
Search-ADAccount -AccountDisabled -ComputersOnly|select Name,LastLogonDate,Enabled
To display list user accounts:

Hint. You may learn more about krbtgt, a unique service AD account.
You may disable multiple AD accounts using PowerShell. Create a text file containing a list of the user accounts you want to disable. Then, using the PowerShell script below, you may disable all user accounts from the txt file:
$users=Get-Content c:\ps\users.txt
ForEach ($user in $users)
{
Disable-ADAccount -Identity $($user.name)
}
Similarly, you can disable computer accounts:
$computers= Get-Content c:\ps\computers.txt
ForEach ($computer in $computers)
{
Disable-ADAccount -Identity "$($computer.name)$"
}
You can identify all inactive accounts in the domain and disable them all at once with the Search-ADAccount cmdlet. If you wish to disable all users who haven’t logged into the domain in more than three months, for example:
$timespan = New-Timespan -Days 90
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan $timespan | Disable-ADAccount