We have a Windows 2003 Domain Controller with Active Directory. I will change the domain policy to require password complexity, change password every 60 days, etc. I know there are accounts in Active Directory where the "password never expires" option is checked. How can I easily find all of them that have this option checked without going through each account individually? Also, when I change the default domain policy for passwords, will this override the individual accounts option (i.e. if the domain policy says it has to be change every 60 days, will this override the "password never expires" option)?