Using the DSQUERY Active Directory command-line tool, DatePorM.bat, CVTFileTime.bat, Today.bat, and userAccountControl.bat, I have scripted Expires.bat to report all user accounts that will be expired in the next N days.

NOTE: Expires.bat reports account expiration, NOT password expiration.

The syntax for using Expires.bat is:

<b>for /f "Tokens=1-3*" %%a in ('Expires Days \[/X\]') do (
 set usr=%%a
 set ExpireDT=%%b
 set ExpireTM=%%c
 set UserDN=%%d
 call :DoSomeThing
Where Days is a signed integer that will be added or subtracted from today's date, and /X is an optional switch that will bypass active accounts that expire before today.

The returned variables are usr, the NetBIOS user name (sAMAccountName), ExpireDT, the MM/DD/YYYY that the account expires, ExpireTM, the HH:MM:SS that the account expires on ExpireDT, and UserDN, the user's distinguished name (distinguishedName).

NOTE: Expires.bat bypassed accounts that are disabled.

Expires.bat contains:

@echo off
if \{%1\}<h1><a name="_echo_Syntax_Expires_Days_X_amp_goto_EOF_if_not_2_">\{\} @echo Syntax: Expires Days \[/X\]&goto :EOF
if not \{%2\}</a></h1>\{\} if /i not \{%2\}<h1><a name="_X_echo_Syntax_Expires_Days_X_amp_goto_EOF_setlocal_set_Days_1#_if_not_2_">\{/X\} @echo Syntax: Expires Days \[/X\]&goto :EOF
set Days=%1#
if not \{%2\}</a></h1>\{\} (
 set exclude=Y
 ) ELSE (
 set exclude=N
call today MMn DDn YYn Abrev MM DD
set TodayDT=%YYn%%MM%%DD%
if "%days:~0,1%" EQU "0" set days=%days:~1%&goto setdays
set days=%days:#=%
if "%days%" EQU "" set days=0
call DatePorM %Days% MMDDYYYY
<font size="1">set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -attr accountExpires userAccountControl sAMAccountName distinguishedName -limit 0</font>
for /f "Skip=1 Tokens=1-3*" %%a in ('%qry%') do (
 if not "%%a" EQU "0" call :expire %%a %%b %%c "%%d"
goto :EOF
call cvtfiletime %1 expdt
if /i "%expdt%" EQU "Never" goto :EOF
set usrdt=%expdt:~6,4%%expdt:~0,2%%expdt:~3,2%
if "%usrdt%" GTR "%ExpYYYYMMDD%" goto :EOF
if "%exclude%" EQU "Y" if "%usrdt%" LSS "%TodayDT%" goto :EOF
call userAccountControl %2 CommaSeparatedString
set dis=N
for /f "Tokens=1*" %%x in ('@echo %CommaSeparatedString%^|find /I "ACCOUNTDISABLE"') do (
 set dis=Y
if "%dis%" EQU "Y" goto :EOF
set dn=%4
set dn=%dn:  =%
set dn=%dn: "="%
@echo %3 %expdt% %dn%