Quick script for LDAP

-Posted by SploitMonkey

Querying an LDAP or AD server, want to know domain users that do not have CAC enabled accounts, and have not changed their password in 365 days.

dsquery * domainroot -limit 0 -Filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!userPrincipalName=1*@mil)(pwdLastSet<=130529699850000000)(!pwdLastSet=0))" -attr SamAccountName DisplayName SN

Need to change the pwdLastSet value to a date for your query.  Below is a great site to create that string.
http://www.epochconverter.com/epoch/ldap-timestamp.php - LDAP & Active Directory Timestamp Converter