dsquery user ou=disabledAccounts,dc=somedomain,dc=local -inactive 12 -limit 2000 -disabled
The catch is this: if the account has never been logged into, it won't ever be returned. So how do you get around this?
Use the -filter switch and do an LDAP query:
dsquery * ou=disabledAccounts,dc=somedomain,dc=local -filter "(&(objectCategory=Person)(objectClass=User)(LastLogon=0)(UserAccountControl:1.2.840.113556.1.4.803:=2))" -limit 2000
Voilà, you have the list.
Note: What the heck is UserAccountControl? It's not the Vista/Win7 UAC but a bitwise value in AD that determines what state the account is in. 2 = disabled. http://support.microsoft.com/kb/269181
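As an added example (not from the original post), here is a small Python evaluator for the LDAP filter syntax that dsquery passes to the DC, including the 1.2.840.113556.1.4.803 bitwise-AND matching rule the filter above relies on, run against constructed sample entries. It also shows a remaining catch: an account that has never logged on often has no lastLogon attribute at all rather than a 0, so `(LastLogon=0)` misses it and `(|(lastLogon=0)(!(lastLogon=*)))` is the safer test (lastLogon is also per-DC, not replicated, so query each DC). The entries, DNs and values are assumptions.

```python
BIT_AND_RULE = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND
UF_ACCOUNTDISABLE = 2                     # userAccountControl bit meaning "disabled"

def parse(s, i=0):
    """Parse one parenthesised filter component at s[i]; return (node, next_index)."""
    if s[i + 1] in "&|":                       # (&...) / (|...): nested components follow
        op, i, kids = s[i + 1], i + 2, []
        while i < len(s) and s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        return (op, kids), i + 1
    if s[i + 1] == "!":                        # (!(...))
        node, i = parse(s, i + 2)
        return ("!", [node]), i + 1
    end = s.index(")", i)                      # simple item: attr=value or attr:OID:=value
    attr, value = s[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """True if the parsed filter node matches an entry (dict of attribute -> value)."""
    if node[0] in "&|!":
        results = [matches(k, entry) for k in node[1]]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)
    _, attr, value = node
    rule = None
    if attr.endswith(":"):                     # extensible match "attr:OID:"
        attr, rule, _ = attr.split(":")
    actual = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
    if actual is None:                         # absent attribute never matches, even "=0"
        return False
    if rule == BIT_AND_RULE:                   # every bit of the asserted value must be set
        return int(actual) & int(value) == int(value)
    return value == "*" or str(actual).lower() == value.lower()

# Constructed sample entries, not real directory data; 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE.
PERSON = {"objectCategory": "Person", "objectClass": "User"}
ENTRIES = [
    dict(PERSON, dn="CN=alice", userAccountControl=514),              # never logged on, attribute absent
    dict(PERSON, dn="CN=bob", userAccountControl=514, lastLogon=0),   # never logged on, stored as 0
    dict(PERSON, dn="CN=carol", userAccountControl=514, lastLogon=132000000000000000),  # has logged on
    dict(PERSON, dn="CN=dave", userAccountControl=512, lastLogon=0),  # enabled, never logged on
]
# The post's filter, and one that also catches entries where lastLogon is absent.
POST_FILTER = ("(&(objectCategory=Person)(objectClass=User)(lastLogon=0)"
               "(userAccountControl:%s:=%d))" % (BIT_AND_RULE, UF_ACCOUNTDISABLE))
ROBUST_FILTER = ("(&(objectCategory=Person)(objectClass=User)(|(lastLogon=0)(!(lastLogon=*)))"
                 "(userAccountControl:%s:=%d))" % (BIT_AND_RULE, UF_ACCOUNTDISABLE))

def search(ldap_filter, entries=ENTRIES):
    """Return the DNs of matching entries, as 'dsquery * -filter' would list them."""
    node, _ = parse(ldap_filter)
    return [e["dn"] for e in entries if matches(node, e)]
```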