A friend is working on a script to pull active LCS accounts from his AD. One last bit of information that he that was troubling him was enabled/disabled AD accounts.
Reading the Scripting Guys article, I found a switch that will tell all disabled AD accounts. Perfect, but just the opposite of what he wanted. Reading deeper, they state that when the bit is set to 2, it shows disabled accounts, so I implied that when it's set to (something else??) 0 (or 1) it must be enabled. Tested 1, nope. Then I found this article that shown that using a NOT statement will return what I was looking for.
This tiny script will query your current AD environment and return all ENABLED accounts in the environment.
get-qaduser -includeallproperties -ldapfilter "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
The "-includeallproperties" switch is required, otherwise you will get all accounts, and not those that apply to the LDAP filter.
Note, if you haven't already done so, you'll need to download and configure the Quest ActiveRoles Management Shell to run this query. This article helped me setup my environment and includes links to the various tools I use.