Hi,
Try the following
var searchResult = host.getLdapClient().search(host.hostConfiguration.ldapBase,
LdapSearchScope.SUB,
LdapDereferencePolicy.ALWAYS,
0, 0,
"(&(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2))" );
var result = searchResult.getSearchEntries();
for (var e in result) {
System.log(entries[e].getParsedDN().toNormalizedString());
}
It uses the generic LDAP client to execute a LDAP query that finds disabled users and then prints their DNs (LDAP query is taken from http://windowsitpro.com/windows/how-can-i-specify-only-users-are-enabled-ldap-query)