Travis,
This will actually be quite hard using the EX4200s - the SRX is more suited to this sort of thing.
What you could do though (assuming you have internal DNS servers):
Write a firewall-filter on your EXs to block outbound DNS requests from everyone EXCEPT your DNS server(s). This will force everyone to use your internal server to get to the internet.
Create a new zone on your DNS server for facebook.com - don't bother putting any records into it.
Now when your users look up *.facebook.com, your server will attempt to find any address in the local zone (and fail).
Just be aware there are a few proxy sites out there that allow access to facebook via alternate domains. You'll have to create zone files for any of these that your users come across. But like I said - the SRX is much better suited for this type of thing and can block sites by domain quite easily.
Hope this helps.