A few years ago I had a need to find all accounts in Active Directory that had the “Password Never Expires” option set. I wrote an HTA with VBScript to make it easy to find these accounts for anyone with little AD experience. I posted the script in the Microsoft Scripting Guys’ community script repository HERE, but I have received several reports recently from community members about errors. I have had the same reports with my Active Directory Last Logon Utility posted on their site, and it turns out that something gets lost in translation when copying code to the site. For whatever reason some of the formatting gets changed, so years later I have decided to post it here by request.
The script is written to search two AD LDAP paths, so make sure to change the paths at the top of the script. The script will return any user account objects that have “Password Never Expires” set on their account within those defined paths. It also searches all OUs under those paths. Once the accounts are returned you have a few choices. You can remove the option from those accounts, you can delete the accounts if no longer required, or you can simply export them to an Excel spreadsheet. After you have performed actions on those accounts, the script will display the accounts it made changes to and allow you to export those to a spreadsheet as well.
If you have any questions about this utility feel free to leave a comment. Also if you find this utility helpful, let me know in the comments. I always love hearing that I was able to help someone else.