A. There are numerous filters you can apply when you perform an LDAP query. To check a user’s enabled status, you must check the user account flags. To check for a disabled user, you can use

useraccountcontrol:1.2.840.113556.1.4.803:=2

To check for a non-disabled user, you can add not (!) to the start of the query. For example,

!(useraccountcontrol:1.2.840.113556.1.4.803:=2)

When used as part of a query, this will result in a listing of only enabled users.