My source was from dumping using MAP (Microsoft Assessment and Planning) toolkit using report "ActiveDevicesUsageTracker"
My AD wasn't using the default OU structure
Usable output = "Username" column = samID
Retrieve User-DN on Windows Server 2003
With the samID above, for each name
dsquery user -samid
Disable AD user accounts on Windows Server 2003
dsmod user user-DN -disabled yes
References (just got the important bits):
Not related but I needed to get the AD group membership of those disabled AD accounts for clean up purposes.
Retrieve by AD user object AD group membership:
dsget user "