Update: Post now resides at new blog site! http://www.tcscblog.com/2010/11/29/user-profile-imports-how-to-filter-out-disabled-users/
Here is how to filter out disabled Active Directory user accounts from your User Profile Synchronization Connection:
The default after setting up your connection is to pull back all Active Directory users. To change that you need go to the Configure Synchronization Connection screen, then use the drop down and select Edit Connection Filters.
As you can tell from the top section, you currently have no filters on the user accounts being imported. In the second section, set the following fields:
- All apply (AND)
- Attribute: userAccountControl
- Operator: Bit on equals
- Filter: 2
Click Add, and then scroll down to click Ok. As you scroll down, notice that you can also set filters on Group accounts.
Now, during your next import you will only get active user accounts.
_____________________
Sponsors *Trusted SharePoint Ads Only!*
Packaged Enterprise Search
for SharePoint.View a quick online demo here! Surfray.com/Ontolica
Free Outlook Sidebar!
Access SharePoint from Outlook w/ harmon.ie Sidebar. Download Now!
SharePoint Admin Toolkit – Download now!
FREE Tools to Simplify SharePoint Management
SharePoint Migration Tools
Sharegate: No-Brainer Migration Tools for SharePoint. $375.
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
8 Tips to Increase SharePoint Adoption
Download Free Whitepaper
SharePoint Adam 
06/21/2010 at 5:16 am
Thanks for this.
Is there also a way to filter out users with no e-mail address specified ?
We’re using Exchange so the Exchange attributes show in the Attribute dropdown, i’m just not sure whioch one I would choose to exclude users where we’ve removed e-mail.
Cheers
Ian
06/21/2010 at 6:01 pm
I don’t have Exchange installed to test, but I got it to work by using Attribute: mail with Operator = is not present. Leave Filter blank. Run a full User Profile Sync.
12/22/2010 at 9:20 am
Hi.First time I got all users (also Disabled). When I set up your option with userAccountControl and start full synchro – it doesn’t remove disabled profile. What to do with that ?
12/22/2010 at 11:34 am
Interesting. I did the same when setting this up and it removed the disabled accounts for me. Try doing an incremental sync instead and see what you get. Also, double check the settings and make sure you did this on the Users section and not the Groups section.