We have an archiving software and policy in place that prevents us from purging old user accounts from our systems. However, we also have many systems that perform LDAP lookups against our directory for various reasons (directory harvesting, user lists, etc.).
I guess what I'm looking for is a way to prevent these users from appearing in LDAP searches. If it has to be restricted by permissions of the LDAP bind account, that's fine - but I'm not sure how to do that, or if it's even possible.
All the accounts for former employees are disabled and reside in an OU called "Former Employees". None of them have mailboxes on our Exchange, and they are not members of any groups other than Users.
Any assistance is greatly appreciated.