共用方式為

Disable or enable a user account

  • 發行項

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To disable or enable a user account

  • Using the Windows interface

  • Using a command line

Using the Windows interface

  1. Open Active Directory Users and Computers.

  2. In the console tree, click Users.

    Where?

    • Active Directory Users and Computers/domain node/Users

    Or, click the folder that contains the user account.

  3. In the details pane, right-click the user.

  4. Depending on the status of the account, do one of the following:

    • To disable, click Disable Account.

    • To enable, click Enable Account.

Notes

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  • To prevent a particular user from logging on for security reasons, you can disable user accounts rather than deleting user accounts.

  • By creating disabled user accounts with common group memberships, you can use disabled user accounts as account templates to simplify user account creation. For more information, see Related Topics.

Using a command line

  1. Open Command Prompt.

  2. Type:

    dsmod userUserDN-disabled {yes|no}

Value Description

UserDN

Specifies the distinguished name of the user object to be disabled or enabled.

{yes|no}

Specifies whether the user account is disabled for log on (yes) or not (no).

Notes

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To view the complete syntax for this command, at a command prompt, type:

    dsmod user /?

  • To prevent a particular user from logging on for security reasons, you can disable user accounts rather than deleting user accounts.

  • By creating disabled user accounts with common group memberships, you can use disabled user accounts as account templates to simplify user account creation. For more information, see Related Topics.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Working with MMC console files
User and computer accounts
Copy a user account
Command-line reference A-Z
Directory service command-line tools