You could always create a workflow to handle it as well. Using the "Update User" component, you could be sure that the action is going to be basically the same as taking action through the console.
As far as the values resetting, I still think you'll need to either exclude the users from the sync in some way, or (better yet) disable the user accounts in AD in order to prevent the sync of those accounts.
In your test in which you mentioned:
When I disable an account using the portal, there is no problem, the accounts stay disabled after AD sync.
Did you then run a reset sync afterwards? If not, run a reset sync and observe any changes with the account(s) you disabled via the console.