MOSS Profile Search LDAP query to remove disabled and service accounts

To build a query that returns only users who are neither disabled accounts nor service accounts, add the following parameters to the query.

Update: I found a better approach to removing disabled accounts

  • (!userAccountControl:1.2.840.113556.1.4.803:=2) - removes disabled accounts
  • (!userAccountControl:1.2.840.113556.1.4.803:=65536) - removes accounts with the password set to never expire (the same bitwise matching rule as above, so the flag is caught even when it is combined with other userAccountControl flags)

Your LDAP string should look something like this:

(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!userAccountControl:1.2.840.113556.1.4.803:=65536))
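As an added example that is not part of the original post, the following Python evaluates the filter's two userAccountControl tests locally on constructed values (the account names and flag combinations are made up). It shows the difference between a plain equality test (userAccountControl=65536), which only matches an account whose whole value is exactly 65536, and the bitwise matching rule 1.2.840.113556.1.4.803, which also catches the flag when it is combined with NORMAL_ACCOUNT (512), as it is on almost every real account.

```python
# Added example (not from the original post): evaluate the post's LDAP filter
# logic locally against constructed userAccountControl values.
ACCOUNTDISABLE = 0x0002          # 2
NORMAL_ACCOUNT = 0x0200          # 512, set on nearly every user object
DONT_EXPIRE_PASSWORD = 0x10000   # 65536

# LDAP_MATCHING_RULE_BIT_AND: "attr:OID:=mask" is true when all bits of mask are set
BIT_AND = "1.2.840.113556.1.4.803"


def build_filter(bitwise_expiry=True):
    """Return the filter string; bitwise_expiry=False gives the equality form."""
    expiry = (f"(!userAccountControl:{BIT_AND}:={DONT_EXPIRE_PASSWORD})"
              if bitwise_expiry else f"(!userAccountControl={DONT_EXPIRE_PASSWORD})")
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(!userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}){expiry})")


def bit_and_match(value, mask):
    """Semantics of the :1.2.840.113556.1.4.803:= rule."""
    return value & mask == mask


def passes_filter(uac, bitwise_expiry=True):
    """Does a user with this userAccountControl value survive the filter?"""
    if bit_and_match(uac, ACCOUNTDISABLE):
        return False
    never_expires = (bit_and_match(uac, DONT_EXPIRE_PASSWORD) if bitwise_expiry
                     else uac == DONT_EXPIRE_PASSWORD)
    return not never_expires


# Constructed sample accounts (hypothetical names and values).
SAMPLE_USERS = [
    ("alice", NORMAL_ACCOUNT),                               # ordinary user
    ("bob", NORMAL_ACCOUNT | ACCOUNTDISABLE),                # disabled user
    ("svc_backup", NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD),   # typical service account
    ("odd_svc", DONT_EXPIRE_PASSWORD),                       # flag set on its own
]


def profile_import_users(users=SAMPLE_USERS, bitwise_expiry=True):
    """Names that the profile import would pick up under each filter form."""
    return [name for name, uac in users if passes_filter(uac, bitwise_expiry)]


if __name__ == "__main__":
    print(build_filter())
    print("bitwise :", profile_import_users())                      # ['alice']
    print("equality:", profile_import_users(bitwise_expiry=False))  # ['alice', 'svc_backup']
```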

For more ADSI userAccountControl flags go here: https://msdn2.microsoft.com/en-us/library/aa772300.aspx