Hi @Marvin Oco,
Just a clarification:
Today you disable AD users with expired passwords, with the script you've shared.
What you are hoping for is to exclude members of an AD OU so that they are not disabled if their passwords expire? Is my understanding correct?
If so, there are several ways of doing it; the optimal solution depends on where your script runs today. You could set your script to apply to the OUs you want, and not to the ones you want to exclude from it. This can be accomplished with PowerShell, or even with a GPO, ensuring that the link is enabled or enforced, or using the order of precedence for the GPO setting.
Best regards,
Ulv
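
One way to scope such a script in PowerShell so that one or more OUs are skipped, shown as an added example that is not part of the reply above and not the script under discussion. The domain and OU distinguished names are placeholders, and the helper name `Test-InExcludedOU` is hypothetical.

```powershell
#Requires -Modules ActiveDirectory

# Placeholder DNs (assumptions): replace with your own domain and OUs.
$SearchBase  = 'DC=example,DC=com'
$ExcludedOUs = @(
    'OU=Service Accounts,DC=example,DC=com',
    'OU=Break Glass,OU=Admins,DC=example,DC=com'
)

# Hypothetical helper: true when the account sits in, or below, an excluded OU.
function Test-InExcludedOU {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string[]]$ExcludedOU
    )
    foreach ($ou in $ExcludedOU) {
        # Match on the ",<OU DN>" suffix so child OUs are covered and an OU
        # whose name merely ends with the same text (OU=PreSales vs OU=Sales)
        # is not treated as excluded.
        if ($DistinguishedName.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Enabled user accounts whose password has expired, anywhere under $SearchBase.
$expired = Search-ADAccount -PasswordExpired -UsersOnly -SearchBase $SearchBase |
    Where-Object { $_.Enabled }

foreach ($user in $expired) {
    if (Test-InExcludedOU -DistinguishedName $user.DistinguishedName -ExcludedOU $ExcludedOUs) {
        Write-Verbose "Skipping $($user.SamAccountName): in an excluded OU"
        continue
    }
    # -WhatIf only reports what would be disabled; remove it after reviewing the output.
    Disable-ADAccount -Identity $user -WhatIf
}
```

Run it with `-Verbose` first to confirm which accounts are skipped before removing `-WhatIf`.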