MOSS Profile Search LDAP query to remove disabled and service accounts
To build a query that returns only users that are neither disabled accounts nor service accounts, add the following clauses to the LDAP filter.
Update: I found a better approach to removing disabled accounts
- (!userAccountControl:1.2.840.113556.1.4.803:=2) - removes disabled accounts
- (!userAccountControl:1.2.840.113556.1.4.803:=65536) - removes accounts with password set to never expire
Your LDAP string should look something like this:
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!userAccountControl:1.2.840.113556.1.4.803:=65536))
For more ADSI userAccountControl flags, see: https://msdn2.microsoft.com/en-us/library/aa772300.aspx
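
As an added example (not code from the original post), this Python code evaluates the negated userAccountControl clauses of a filter against constructed flag values, showing how the bitwise-AND matching rule 1.2.840.113556.1.4.803 differs from a plain equality test on the whole integer. The function names, the two filter strings built in the code, and the sample accounts are assumptions made for illustration.

```python
import re

# LDAP_MATCHING_RULE_BIT_AND: true when every bit of the mask is set in the attribute.
BIT_AND = "1.2.840.113556.1.4.803"

# userAccountControl flag values (ADS_USER_FLAG_ENUM).
ACCOUNTDISABLE = 0x2
NORMAL_ACCOUNT = 0x200
DONT_EXPIRE_PASSWD = 0x10000

# Negated userAccountControl clauses, with or without a matching-rule OID.
CLAUSE = re.compile(r"\(!userAccountControl(?::([\d.]+):)?=(\d+)\)")

# Two filters built for this example: both flags tested bitwise, and the
# never-expire flag tested with plain equality instead.
BASE = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:" + BIT_AND + ":=2)"
BITWISE = BASE + "(!userAccountControl:" + BIT_AND + ":=65536))"
EQUALITY = BASE + "(!userAccountControl=65536))"

# Constructed sample accounts (not real directory data).
SAMPLES = {
    "enabled user": NORMAL_ACCOUNT,                          # 512
    "disabled user": NORMAL_ACCOUNT | ACCOUNTDISABLE,        # 514
    "service account": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD,  # 66048
}

def clause_true(uac, rule, value):
    """Evaluate one userAccountControl test, before the ! negation is applied."""
    if rule is None:
        return uac == value            # equality compares the whole integer
    if rule == BIT_AND:
        return (uac & value) == value  # all bits of the mask must be set
    raise ValueError(f"unsupported matching rule {rule}")

def keeps(ldap_filter, uac):
    """True if an account with this userAccountControl passes every negated clause."""
    clauses = CLAUSE.findall(ldap_filter)
    if not clauses:
        raise ValueError("no negated userAccountControl clause found")
    return all(not clause_true(uac, rule or None, int(value)) for rule, value in clauses)

def compare():
    """Map each sample account to (kept by BITWISE, kept by EQUALITY)."""
    return {name: (keeps(BITWISE, uac), keeps(EQUALITY, uac)) for name, uac in SAMPLES.items()}

if __name__ == "__main__":
    for name, (bitwise, equality) in compare().items():
        print(f"{name:16} bitwise keeps={bitwise}  equality keeps={equality}")
```

The service account carries NORMAL_ACCOUNT together with DONT_EXPIRE_PASSWD, so its value is 66048 rather than 65536: only the bitwise clause excludes it.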