Disabled users can be excluded from the search by excluding those with the 'disabled' flag set in the userAccountControl attribute. Active Directory provides the Extensible Match rule '1.2.840.113556.1.4.803' for this purpose.
The filter to disregard disabled users is (!(userAccountControl:1.2.840.113556.1.4.803:=2)).
For example, if you are selecting All Users and Groups (the default in Schemus), the search filter will be:
(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))
Exclude disabled users by modifying the search filter as follows:
(|(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
To change this in Schemus,
- start the application, open the configuration then click 'Modify'
- click on 'LDAP search'
- click the small button to the right of the search base
- edit the text in the 'Search filter' field as above.
- click 'Save'
- Perform a 'Test update' to check whether disabled users would be removed.