Thursday, 17 May 2012

Problem: disabled users show up in the Global Address List and other address lists

Environment:
  • Windows Server 2003 domain functional level
  • Windows 2000 forest functional level
  • Windows Exchange Server 2k3 sp2 (Ver 6.5 Build 7638.2)
This is actually not a bug, it's a feature! Someone, for some reason, thought that Exchange should behave like this by default!
If you have only a few users, you can fix this manually by selecting this checkbox in user properties:
But in cases where you have hundreds of disabled users, you have to resort to old-school VBScript.
The only "googlable" solution I found was this one:
http://blogs.technet.com/b/heyscriptingguy/archive/2005/10/19/hey-scripting-guy-how-can-i-configure-the-hide-from-exchange-address-lists-property-for-all-the-contacts-in-a-domain.aspx

The suggested script is designed to run for all users, which is definitely not the case here.
Also, for some reason, he suggests that we should search for object class contact, which in my case fetches no result!

My first attempt after some googling was to modify the query like this:

"SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectClass='user' AND UserAccountControl:1.2.840.113556.1.4.803.:=2" 
The result was that the script remained stuck consuming 100% of CPU and, of course, taking no action. After some googling I modified the objectClass and made it objectCategory, but still no result. I was further confused by the OID of the UserAccountControl attribute in my schema, which ends in 8 instead of 803:

Digging deeper, I investigated the properties of one disabled user with ADSI Edit, where I discovered the highlighted property:

So, I changed to this property in my script and voila! All disabled users were excluded from the Exchange address lists! Note that it takes some time (max 48 hrs for the Outlook offline address list) to update all lists, but the job gets done in the end.
My full script here:

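' Suppress runtime errors so one unwritable object does not abort the whole run.
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Open an ADO connection through the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Page the results and search the whole subtree under the base DN.
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Select every user object whose msExchUserAccountControl is 2.
objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://dc=gea,dc=haf,dc=gr' WHERE objectCategory='user' AND msExchUserAccountControl=2"

Set objRecordSet = objCommand.Execute

' With errors suppressed, a failed query can leave the loop below running forever, so stop here.
If Err.Number <> 0 Then
    WScript.Echo "Query failed: " & Err.Description
    WScript.Quit 1
End If

' Hide each matching user from the Exchange address lists.
Do Until objRecordSet.EOF
    strContactPath = objRecordSet.Fields("ADsPath").Value
    Set objContact = GetObject(strContactPath)
    objContact.MSExchHideFromAddressLists = True
    objContact.SetInfo
    objRecordSet.MoveNext
Loop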
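
An added example, not part of the original script: the same clean-up written in the provider's LDAP query dialect, where the bitwise matching-rule filter on userAccountControl from the first attempt is valid syntax, with a dry-run switch so the affected accounts can be reviewed before anything is written. The base DN is the placeholder from the first query; DRY_RUN, the mailNickname test for mail-enabled accounts and the variable names are assumptions of this example.

```vbscript
' Added example: list (and optionally hide) disabled, mail-enabled users.
Option Explicit

Const DRY_RUN = True                    ' assumption: report only until set to False
Const BASE_DN = "dc=fabrikam,dc=com"    ' placeholder domain, replace with your own
' Bitwise AND match on the ACCOUNTDISABLE flag (0x2) of userAccountControl.
Const DISABLED_BIT = "1.2.840.113556.1.4.803:=2"

Dim conn, cmd, rs, filter, user, changed
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"

Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 1000

' Disabled user accounts that have a mailbox alias and are not already hidden.
filter = "(&(objectCategory=person)(objectClass=user)" & _
         "(userAccountControl:" & DISABLED_BIT & ")" & _
         "(mailNickname=*)(!(msExchHideFromAddressLists=TRUE)))"
cmd.CommandText = "<LDAP://" & BASE_DN & ">;" & filter & _
                  ";ADsPath,sAMAccountName;subtree"

' No global On Error Resume Next: a rejected query stops the script here.
Set rs = cmd.Execute
changed = 0
Do Until rs.EOF
    WScript.Echo "Hide: " & rs.Fields("sAMAccountName").Value
    If Not DRY_RUN Then
        Set user = GetObject(rs.Fields("ADsPath").Value)
        user.Put "msExchHideFromAddressLists", True
        On Error Resume Next            ' trap only the write, then report it
        user.SetInfo
        If Err.Number <> 0 Then
            WScript.Echo "  failed: " & Err.Description
            Err.Clear
        Else
            changed = changed + 1
        End If
        On Error GoTo 0
    End If
    rs.MoveNext
Loop
WScript.Echo changed & " account(s) updated"
```

Run it with cscript so the output goes to the console and can be kept as a record of which accounts were changed.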
