Today at the office I came across the article below and thought it was worth sharing. I used this tip to prepare for an organization wide password change that is coming up. By exporting the results to a  text file I was easily able to determine which accounts could be untouched, and which accounts needed to be changed. 


To determine if there are any account passwords set to never expire you can use the command prompt and enter: 

dsquery * -filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0 

To disable the setting for everybody enter: 

dsquery *-filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0 | dsmod user -pwdneverexpires no

However, there might be accounts that don’t need their password expiration set, or that should be done manually. For that, I simply used the first command and added >> filename.txt so I could write all the accounts to a file. Using this text file you could determine which accounts (Like administrator, scanners, etc.) can be ignored at the moment. 

dsquery *-filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0 >> results.txt