I don't mean disabled... and I'm hoping for something other than "exported". Here's my problem: My org never deletes accounts (just disables them)--not my call. I've hidden the disabled accounts from browsing with a custom filter "(!(userAccountControl:1.2.840.113556.1.4.803:=2))", but this doesn't hide from things like group membership lists (and with the "turnover" rate here, my AD is getting extremely cluttered). Does anyone have ideas or proven solutions for "archiving" user accounts in such a way as they are removed/hidden from AD (or even just my domain, group membership lists, etc), but easily put back just as they were? The primary purpose of not deleting accounts is preserving all attributes (including things like group membership) if the account is reenabled... so any sort of removal/archival needs to be able to preserve these. Attributes need not be easily accessed while the account is disabled or "archived".
If you start with "read, execute, write" basic permissions and take away "create folders/append data" you get a "drop folder" with read and "write new files only", but applications "save as" functions are unable to save files here. I can presume why... because it creates the file first then tries to rewrite it. Grant it, you can still drag'n'drop or copy/paste new files... but saving directly to this folder from a program fails. Is there a way to create such a folder that doesn't break the save-as function?