Using PwdNX.bat, I have scripted AllPwdNX.bat to turn the DONT_EXPIRE_PASSWORD bit of the UserAccountControl attribute, on or off for all user's in the specified container or OU (Organizational Unit).

The syntax for using AllPwdNX.bat is:

AllPwdNX base Y|N

Where base is RFC 2253 DN to search from, like "DC=JSIINC,DC=COM" or "CN=Users,DC=JSIINC,DC=COM", or "OU=West,DC=JSIINC,DC=COM", and Y|N is a Y to set Password never expires on, or a N to set Password never expires off.

AllPwdNX.bat contains:

@echo off                              setlocal ENABLEDELAYEDEXPANSION                              if \{%2\}==\{\} goto err                              set base=%1                              set YN=%2                              set /a pnx=65536                              set adf=adfind -b %base% -f "&(objectcategory=person)(objectclass=user)" -nodn -noctl distinguishedName userAccountControl                              if /i "%YN%" EQU "Y" goto swok                              if /i "%YN%" NEQ "N" goto err                              :swok                              call :getusr>nul 2>&1                              endlocal                              goto :EOF                              :err                              @echo Syntax: AllPwdNX Base Y^|N                              endlocal                              goto :EOF                              :getusr                              for /f "Tokens=1* Delims=: " %%a in ('%adf%^|findstr /i "distinguishedName userAccountControl"') do (                               set p1=%%a                               set p1=!p1:~1!                               if /i "!p1!" EQU "distinguishedName" set userdn=%%b                               if /i "!p1!" EQU "userAccountControl" set /a userAccountControl=%%b&call pwdnx "!userdn!" %YN%                               )