Check Active Directory User Accounts with Password Set Not to Expire
I recently wanted to check what accounts I have in my organization that the passwords are set not to expire, this is potentially a security risk as the users password will never expire. By default I would advise a 30/60/90 day password expiration policy to provide the best security.
You can find this out by running this command via Powershell on a Domain Controller –
Search-ADAccount -PasswordNeverExpires | FT Name, ObjectClass, UserPrincipalName