Using PwdNX.bat, I have scripted AllPwdNX.bat to turn the DONT_EXPIRE_PASSWORD bit of the UserAccountControl attribute, on or off for all user's in the specified container or OU (Organizational Unit).

The syntax for using AllPwdNX.bat is:

AllPwdNX base Y|N

Where base is RFC 2253 DN to search from, like "DC=JSIINC,DC=COM" or "CN=Users,DC=JSIINC,DC=COM", or "OU=West,DC=JSIINC,DC=COM", and Y|N is a Y to set Password never expires on, or a N to set Password never expires off.

AllPwdNX.bat contains:

@echo off
setlocal ENABLEDELAYEDEXPANSION
if \{%2\}==\{\} goto err
set base=%1
set YN=%2
set /a pnx=65536
set adf=adfind -b %base% -f "&(objectcategory=person)(objectclass=user)" -nodn -noctl distinguishedName userAccountControl
if /i "%YN%" EQU "Y" goto swok
if /i "%YN%" NEQ "N" goto err
:swok
call :getusr>nul 2>&1
endlocal
goto :EOF
:err
@echo Syntax: AllPwdNX Base Y^|N
endlocal
goto :EOF
:getusr
for /f "Tokens=1* Delims=: " %%a in ('%adf%^|findstr /i "distinguishedName userAccountControl"') do (
 set p1=%%a
 set p1=!p1:~1!
 if /i "!p1!" EQU "distinguishedName" set userdn=%%b
 if /i "!p1!" EQU "userAccountControl" set /a userAccountControl=%%b&call pwdnx "!userdn!" %YN%
)