Azure Active Directory \ Disable User

This is a way to disable user accounts in batches in Azure Active Directory. 

# I will follow my actual protocols for disabling an account since I always want to show best practices. 

#1 I get my data from HR or some other process that alerts me that some users need to be decommissioned (fired, quit, contract up, etc.).
$DisableUserAccountsfromHR = Get-Content "C:\Users\scott\Documents\WindowsPowershell\AzureAD\HR-Disable-Accounts.txt"
$DisableUserAccountsfromHR

#1.5 !!!! Run the snippet in #1 ONLY and review the output on the screen to make sure you are importing the correct data from source !!!!


#2 Run this command to verify I have the correct information on these accounts and that they are found in AAD
#Declare Array

$MyUserArray = @()

Foreach ($userUPN in $DisableUserAccountsfromHR){

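       # Query the directory for this UPN directly. Without -All $true, Get-AzureADUser returns only a limited first page of users, so piping it to Where can miss accounts.
       $upn = $userUPN.Trim().Replace("'", "''")   # trim stray whitespace and escape apostrophes for the OData filter
       $MyUserArray += Get-AzureADUser -Filter "userPrincipalName eq '$upn'" | Select DisplayName, ObjectID, UserPrincipalName, AccountEnabled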
}

$MyUserArray | Tee-Object C:\Temp\MyDisableUserArrayLog.txt -Append

#2.5 Run the snippet in #2 next, review the output on the screen, and make sure these are the accounts you want to disable.


#3 Make sure all results are correct in prior steps, if anything looks out of the norm, STOP and ask someone about it 

# I use the ObjectID because it is unique in AAD

Foreach($User in $MyUserArray){

    # Log the account details before changing anything
    $User | Tee-Object C:\Temp\UsersDisableLog.txt -Append

    Set-AzureADUser -ObjectId $User.ObjectID -AccountEnabled $false
}

#4 Check your results and output them to a file
Foreach($User in $MyUserArray){

    Get-AzureADUser -ObjectId $User.ObjectID | Select UserPrincipalName, AccountEnabled | Tee-Object C:\temp\Disable_Accounts_Results.txt -Append
}
Invoke-Item C:\temp\Disable_Accounts_Results.txt
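
A check that fits between steps #2 and #3, added here as an example and not part of the original script: it reconciles the HR list against what the lookup in #2 returned, so UPNs that were not found, are listed twice, or are already disabled stand out before anything is changed. `Compare-DisableList` is a hypothetical helper and the sample data is constructed; in practice pass `$DisableUserAccountsfromHR` and `$MyUserArray`.

```powershell
# Added example: reconcile the HR list against the directory lookup results.
# Compare-DisableList is a hypothetical helper name, not an AzureAD cmdlet.
function Compare-DisableList {
    param(
        [string[]] $RequestedUPNs,   # lines read from the HR file (step #1)
        [object[]] $FoundUsers       # objects collected in $MyUserArray (step #2)
    )

    # Normalise the HR input: trim whitespace and drop blank lines.
    $clean = @($RequestedUPNs | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # UPNs that appear more than once in the HR file (Group-Object ignores case).
    $duplicates = @($clean | Group-Object | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $_.Name })

    # Index the accounts the directory returned by lower-cased UPN.
    $foundByUpn = @{}
    foreach ($u in $FoundUsers) { $foundByUpn[$u.UserPrincipalName.ToLower()] = $u }

    $unique = @($clean | ForEach-Object { $_.ToLower() } | Select-Object -Unique)

    [pscustomobject]@{
        NotFound        = @($unique | Where-Object { -not $foundByUpn.ContainsKey($_) })
        AlreadyDisabled = @($unique | Where-Object {
            $foundByUpn.ContainsKey($_) -and -not $foundByUpn[$_].AccountEnabled })
        ToDisable       = @($unique | Where-Object {
            $foundByUpn.ContainsKey($_) -and $foundByUpn[$_].AccountEnabled })
        Duplicates      = $duplicates
    }
}

# Constructed sample data standing in for the HR file and for $MyUserArray.
$hr = 'alice@contoso.example', ' Bob@contoso.example ', 'carol@contoso.example',
      'alice@contoso.example', ''
$found = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; AccountEnabled = $true  }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   AccountEnabled = $false }
)

$report = Compare-DisableList -RequestedUPNs $hr -FoundUsers $found
$report | Format-List

# Anything in NotFound means the HR list and the directory disagree: stop before step #3.
if ($report.NotFound.Count -gt 0) {
    Write-Warning "Not found in AAD: $($report.NotFound -join ', ')"
}
```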
