Not sure what Howard's reply is, but my script does check for accounts set to 'never expire.'
Anyway, here it is... (oh, and the AllFlags() is by NewMexicoMark)
code:
break on cls
;ADS UserFlags Typedef
$ADS_UF_SCRIPT = &1
$ADS_UF_ACCOUNTDISABLE = &2
$ADS_UF_HOMEDIR_REQUIRED = &3
$ADS_UF_LOCKOUT = &10
$ADS_UF_PASSWD_NOTREQD = &20
$ADS_UF_PASSWD_CANT_CHANGE = &40
$ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
$ADS_UF_TEMP_DUPLICATE_ACCOUNT = &100
$ADS_UF_NORMAL_ACCOUNT = &200
$ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = &800
$ADS_UF_WORKSTATION_TRUST_ACCOUNT = &1000
$ADS_UF_SERVER_TRUST_ACCOUNT = &2000
$ADS_UF_DONTEXPIREPASSWD = &10000
$ADS_UF_MNS_LOGON_ACCOUNT = &20000
$ADS_UF_SMARTCARD_REQUIRED = &40000
$ADS_UF_TRUSTED_FOR_DELEGATION = &80000
$ADS_UF_NOT_DELEGATED = &100000
$nul=redirectoutput(@scriptdir+"expiredaccounts.txt",1)
$user=getobject("WinNT://@domain")
$user.filter="User",""
for each $u in $user
$objUser=getobject("WinNT://@domain/"+$u.name)
$MaxAge=$objUser.MaxPasswordAge/86400
$PsdAge=$objUser.PasswordAge/86400
if $MaxAge <= $PsdAge
$UserFlags = $objUser.Get("UserFlags")
if AllFlags($UserFlags, $ADS_UF_DONTEXPIREPASSWD)=0 or AllFlags($UserFlags, $ADS_UF_ACCOUNTDISABLE)=0
? $objUser.name " " $maxage - $psdage " " $objUser.LastLogin
endif
endif
next
FUNCTION AllFlags($iNum, $iTst)
$iNum=Val($iNum) $iTst=Val($iTst)
IF $iTst=0 $AllFlags=0 EXIT ENDIF
$AllFlags=(($iNum & $iTst)=$iTst)
ENDFUNCTION
I ran this code versus a report from Hyena and it matched it user by user.
