I exclude Disabled in a vb script that queries AD.
Here’s the check for a user being disabled in AD:
(userAccountControl:1.2.840.113556.1.4.803:=2)
So to exclude use (!userAccountControl:1.2.840.113556.1.4.803:=2) in the filter:
strFilter = "(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(memberOf=cn=CERUsers,ou=CER,ou=intranet applications,ou=groups,ou=khs,dc=myhouse,dc=org))"
From the VB script:
' Open the output file for write access.
Set objFile = objFSO.OpenTextFile(strFilePath, 2, True, 0)
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider","myhouse\mylogin","mypassword"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(memberOf=cn=Distribution Group Corporate Management,ou=Mail Groups,ou=groups,ou=khs,dc=myhouse,dc=org))"
strAttributes = "cn,displayName,mail,title,physicalDeliveryOfficeName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute