I have scripted UnUsedNewUsers.bat to report all user accounts that have the 'User must change password at next logon' flag set and that were created at least N days ago.

NOTES:

UnUsedNewUsers.bat uses DatePorM.bat and iDateYMD.bat, which must be located in your PATH.

REG.EXE, built into Windows XP and Windows Server 2003, or REG.EXE from the Windows 2000 Support Tools on the CD-ROM, must be available in your PATH.

UnUsedNewUsers.bat uses DSQuery.exe.

See "How can I filter an Active Directory query using a bitwise flag" and "How can I filter an Active Directory query by testing an attribute to be NOT EQUAL".

See "How can I decode the userAccountControl attribute?"

The syntax for using UnUsedNewUsers.bat is:

UnUsedNewUsers days

Where days is the minimum age, in days, that an unused user account must reach before it is reported.

UnUsedNewUsers.bat contains:

@echo off
if {%1}=={} @echo Syntax: UnUsedNewUsers days&goto :EOF
if %1 NEQ +%1 @echo Syntax: UnUsedNewUsers days&goto :EOF
setlocal
set blank=                           #
:: Normalize the days argument (removes leading zeros).
set /a days=10000%1%%10000
:: Retrieve user accounts that do not have 'password never expires' and have 'user must change password at next logon' set.
set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(logonCount=0)(pwdLastSet=0)(!userAccountControl:1.2.840.113556.1.4.804:=65536))" -attr sAMAccountName whenCreated -limit 0
:: Work out the cutoff date (today minus days) as YYYYMMDD.
call DatePorM -%days% since
call iDateYMD %since% YYYY MM DD
set old=%YYYY%%MM%%DD%
for /f "Skip=1 Tokens=1,2" %%u in ('%qry%') do (
 call :chkcrt %%u %%v
)
endlocal
goto :EOF
:chkcrt
:: Report the account if it was created on or before the cutoff date.
call iDateYMD %2 YYYY MM DD
set crt=%YYYY%%MM%%DD%
if "%crt%" LEQ "%old%" @echo %1 %crt%
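
A PowerShell version of the same report, added here as an example and not part of the original tip or its helper scripts. It assumes the ActiveDirectory module (RSAT) is installed, uses the hypothetical file name Get-UnusedNewUsers.ps1, and tests whenCreated on the server as a UTC timestamp rather than by calendar date as the batch file does.

```powershell
# Get-UnusedNewUsers.ps1 (hypothetical name) - added example, not the tip's own code.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
param(
    [Parameter(Mandatory = $true)]
    [ValidateRange(0, 9999)]
    [int]$Days
)

Import-Module ActiveDirectory -ErrorAction Stop

# whenCreated is stored in UTC; LDAP compares it as generalized time.
$cutoffUtc = (Get-Date).ToUniversalTime().AddDays(-$Days)
$cutoff    = $cutoffUtc.ToString("yyyyMMddHHmmss'.0Z'")

# Same clauses as the dsquery filter, plus a server-side age test.
# pwdLastSet=0 -> user must change password at next logon
# 65536        -> 'password never expires' bit of userAccountControl
$filter = '(&(objectCategory=person)(objectClass=user)(logonCount=0)(pwdLastSet=0)' +
          '(!(userAccountControl:1.2.840.113556.1.4.804:=65536))' +
          "(whenCreated<=$cutoff))"

# A few userAccountControl bits worth showing next to each reported account.
$uacFlags = [ordered]@{
    ACCOUNTDISABLE = 0x0002
    PASSWD_NOTREQD = 0x0020
    NORMAL_ACCOUNT = 0x0200
}

Get-ADUser -LDAPFilter $filter -Properties whenCreated, userAccountControl |
    Sort-Object whenCreated |
    ForEach-Object {
        $uac = $_.userAccountControl
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            WhenCreated    = $_.whenCreated
            AgeDays        = [math]::Floor(((Get-Date) - $_.whenCreated).TotalDays)
            Flags          = ($uacFlags.Keys |
                                Where-Object { $uac -band $uacFlags[$_] }) -join ','
        }
    }
```

logonCount is not replicated between domain controllers, so logonCount=0 reflects only the domain controller that answers the query.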