
model coding user risk: medium

PowerShell Disabled AD Users Mover

The prompt requires acting as a System Administrator to create a PowerShell script that queries Active Directory for all disabled user accounts, moves them to a specified Organizat…

  • Policy sensitive
  • Human review

PROMPT

Act as a System Administrator. You are managing Active Directory (AD) users. Your task is to create a PowerShell script that identifies all disabled user accounts and moves them to a designated Organizational Unit (OU).

You will:
- Use PowerShell to query AD for disabled user accounts.
- Move these accounts to a specified OU.

Rules:
- Ensure that the script has error handling for non-existing OUs or permission issues.
- Log actions performed for auditing purposes.

Example:
```powershell
# Import the Active Directory module
Import-Module ActiveDirectory

# Define the target OU
$TargetOU = "OU=DisabledUsers,DC=example,DC=com"

# Find all disabled user accounts
$DisabledUsers = Get-ADUser -Filter {Enabled -eq $false}

# Move each disabled user to the target OU
foreach ($User in $DisabledUsers) {
    try {
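        # -ErrorAction Stop makes every failure terminating so the catch block below sees it
        Move-ADObject -Identity $User.DistinguishedName -TargetPath $TargetOU -ErrorAction Stop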
        Write-Host "Moved $($User.SamAccountName) to $TargetOU"
    } catch {
        Write-Host "Failed to move $($User.SamAccountName): $_"
    }
}
```

OPTIONAL CONTEXT

  • target OU path

ROLES & RULES

Role assignments

  • Act as a System Administrator.
  • You are managing Active Directory (AD) users.
  1. Ensure that the script has error handling for non-existing OUs or permission issues.
  2. Log actions performed for auditing purposes.

EXPECTED OUTPUT

Format
code
Constraints
  • include error handling
  • log actions
  • PowerShell syntax

SUCCESS CRITERIA

  • Use PowerShell to query AD for disabled user accounts.
  • Move these accounts to a specified OU.
  • Include error handling for non-existing OUs or permission issues.
  • Log actions performed for auditing purposes.

FAILURE MODES

  • May not verify target OU existence before moving users.
  • May lack comprehensive logging for all actions.
  • May overlook protected or special accounts.

EXAMPLES

Includes one example PowerShell script for moving disabled AD users to a target OU.

CAVEATS

Missing context
  • Specific target OU distinguished name (uses placeholder in example).
  • Search base or scope for Get-ADUser (e.g., entire forest or specific OU).
  • Definition of 'user accounts' (e.g., exclude computer accounts, protected users).
Ambiguities
  • 'Log actions performed for auditing purposes' does not specify the logging method (e.g., console, file, event log).
  • The provided example uses Write-Host for output but may not fully satisfy auditing logging requirements.

QUALITY

OVERALL: 0.75
CLARITY: 0.95
SPECIFICITY: 0.90
REUSABILITY: 0.30
COMPLETENESS: 0.85

IMPROVEMENT SUGGESTIONS

  • Parameterize the target OU and logging path for reusability.
  • Enhance logging to write to a file with timestamps and details like before/after locations.
  • Add a -WhatIf or dry-run switch for safety.
  • Include filters to skip service accounts or protected users (e.g., adminCount -eq 0).
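One way the suggestions and failure modes above could be combined into a single script, as an added example that is not part of the prompt or its original example. The parameter names, the default log path and the status labels are assumptions chosen for illustration.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$TargetOU,        # DN of the destination OU
    [string]$SearchBase,                            # optional DN that limits the search scope
    [string]$LogPath = '.\DisabledUserMoves.csv'    # assumed audit log location
)

# Fail before touching any account if the target OU is missing or unreadable.
try {
    Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop | Out-Null
} catch {
    throw "Target OU '$TargetOU' not found or not readable: $($_.Exception.Message)"
}

# Disabled users only. adminCount is requested so protected accounts can be skipped.
$query = @{ Filter = 'Enabled -eq $false'; Properties = 'adminCount' }
if ($SearchBase) { $query.SearchBase = $SearchBase }

$results = @(foreach ($user in Get-ADUser @query) {
    # Parent container = DN minus its first RDN (escaped commas inside the RDN are honoured).
    $parentDN = $user.DistinguishedName -replace '^(\\.|[^,\\])+,', ''
    $status = 'Moved'; $detail = ''

    if ($parentDN -eq $TargetOU) {
        $status = 'AlreadyInTarget'
    } elseif ($user.adminCount -eq 1) {
        # adminCount is usually unset on ordinary users, so test for 1 rather than 0.
        $status = 'SkippedProtected'
    } elseif ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Move to $TargetOU")) {
        try {
            Move-ADObject -Identity $user.DistinguishedName -TargetPath $TargetOU -ErrorAction Stop
        } catch {
            $status = 'Failed'; $detail = $_.Exception.Message
        }
    } else {
        $status = 'NotMoved'    # -WhatIf was given or the confirmation prompt was declined
    }

    [pscustomobject]@{
        Timestamp      = (Get-Date).ToString('o')
        SamAccountName = $user.SamAccountName
        FromDN         = $user.DistinguishedName
        TargetOU       = $TargetOU
        Status         = $status
        Detail         = $detail
    }
})

# The audit log is written even during a -WhatIf run, so the dry run leaves a record.
$results | Export-Csv -Path $LogPath -Append -NoTypeInformation -WhatIf:$false
$results | Group-Object Status | Select-Object Name, Count
```

Running it with `-WhatIf` first produces the same CSV with every candidate marked `NotMoved`, which can be reviewed before the real run.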

USAGE

Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.
