Sometimes you just need to reset the password does not expire option on all AD accounts in an OU. This little script helps you do that. It is recursive, so point it at a parent OU and let it run. It will not run on the CN=Users unless you type that in as the parent OU.

This script is designed to be run using cscript. Example: cscript RemovePasswordDoesNotExpire.vbs>results.txt

RemovePasswordDoesNotExpire.vbs Script Code:

'**************************************************************************************
'Script Name: RemovePasswordDoesNotExpire.vbs
'Author     : Carlton Colter
'Purpose    : To notify users of password expiration via E-Mail
'Created    : 8/4/2008
'**************************************************************************************
 
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const LDAPPATH     = "LDAP://DOMAIN/OU=OrganizationalUnit,DC=domain,DC=com"

Set objContainer = GetObject(InputBox("OU Distinguished Name:","OU",LDAPPATH))
ProcessOU objContainer, numDays
ProcessFolder objContainer, numDays
Set objContainer = Nothing

WScript.Echo "Done."


Sub ProcessOU (OU)
  Dim SubOU

  ou.Filter = Array("OrganizationalUnit")

  For Each SubOU in OU
    ProcessOU SubOU
    ProcessFolder SubOU
  Next
End Sub

Sub ProcessFolder (objContainer)
  Dim objUser

  objContainer.Filter = Array ("User")

  For each objUser in objContainer
    RemovePasswordNeverExpires(objUser)
  Next
End Sub

Sub RemovePasswordNeverExpires(objUser)
  intUAC = objUser.Get("userAccountControl")

  '<<<<< Disable Password never expires >>>>>
  if intUAC and ADS_UF_DONT_EXPIRE_PASSWD Then
    Wscript.Echo objUser.givenName & " " & objUser.sn & ": Removing Password Does Not Expire"
    objUser.put "userAccountControl",  intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
    objUser.setinfo
  end if
End Sub