I exclude Disabled in a vb script that queries AD.

Here’s the check for a user being disabled in AD:

(userAccountControl:1.2.840.113556.1.4.803:=2)

So to exclude use (!userAccountControl:1.2.840.113556.1.4.803:=2) in the filter:

strFilter = "(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(memberOf=cn=CERUsers,ou=CER,ou=intranet applications,ou=groups,ou=khs,dc=myhouse,dc=org))"

From the VB script:

' Open the output file for write access.

Set objFile = objFSO.OpenTextFile(strFilePath, 2, True, 0)

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")

Set objCommand = CreateObject("ADODB.Command")

Set objConnection = CreateObject("ADODB.Connection")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider","myhouse\mylogin","mypassword"

objCommand.ActiveConnection = objConnection

strBase = "<LDAP://" & strDNSDomain & ">"

strFilter = "(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(memberOf=cn=Distribution Group Corporate Management,ou=Mail Groups,ou=groups,ou=khs,dc=myhouse,dc=org))"

strAttributes = "cn,displayName,mail,title,physicalDeliveryOfficeName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 100

objCommand.Properties("Timeout") = 30

objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute