List accounts with non-expiring passwords
As administrator of Active Directory you probably want control over all accounts with passwords that never expire.
These should be service accounts and they should be restricted and stripped of all the privileges they do not need to fulfill the task assigned to them.
The LDAP query to list all accounts with non-expiring passwords look like this:
(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))
Just copy/paste the query string above into your favourite LDAP browser and you should get the list of locked out accounts.
Check this out to get more info from Active Directory!