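function Disable-ActiveDirectoryAccount {
    <#
    .SYNOPSIS
    Disables a user, MSA, or gMSA account

    .DESCRIPTION
    Disables a user, MSA, or gMSA account. The caller must pass the
    Test-IsUserDomainAdmin check; otherwise a warning is written and nothing
    is changed. Accounts whose distinguished name contains
    "Managed Service Accounts" are disabled with Set-ADServiceAccount, all
    others with Set-ADUser. Supports -WhatIf and -Confirm.

    .PARAMETER Account
    [Microsoft.ActiveDirectory.Management.ADAccount] An ADAccount base object.
    The object's Enabled, Name and DistinguishedName properties are read.

    .EXAMPLE
    Disable-ActiveDirectoryAccount "fake.serviceaccount"

    .EXAMPLE
    Disable-ActiveDirectoryAccount -Account (Get-ADServiceAccount -Identity "fake.serviceaccount") -WhatIf
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [Microsoft.ActiveDirectory.Management.ADAccount]$Account
    )

    $logLead = Get-LogLeadName

    # Refuse to touch the directory unless the caller passes the privilege check.
    if (!(Test-IsUserDomainAdmin)) {
        Write-Warning "$logLead : You must have domain administrative privileges to run this command"
        return $null
    }

    $accountName = $Account.Name

    # An ADAccount object that was not fully retrieved from the directory may
    # carry no Enabled value. Reporting that as "already disabled" would tell
    # the operator an account is off when its real state was never checked.
    if ($null -eq $Account.Enabled) {
        Write-Warning "$logLead : Could not determine whether account [$accountName] is enabled; no change made."
        return
    }

    if ($true -eq $Account.Enabled) {
        if ($PSCmdlet.ShouldProcess($Account.DistinguishedName, "Disable account")) {
            Write-Host "$logLead : Disabling account [$accountName]"

            # NOTE(review): the MSA/gMSA check is a substring match on the DN, so it
            # depends on where the object lives rather than on its object class.
            # Confirm whether service accounts can exist outside that container here.
            if ($Account.DistinguishedName -match "Managed Service Accounts") {
                Write-Verbose "$logLead : MSA/gMSA detected"
                Set-ADServiceAccount -Identity $Account.DistinguishedName -Enabled:$false
            }
            else {
                Write-Verbose "$logLead : Standard account detected"
                Set-ADUser -Identity $Account.DistinguishedName -Enabled:$false
            }
        }
    }
    else {
        Write-Warning "$logLead : Account [$accountName] already disabled."
    }
}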