# script to find all AD users who have the “cannot change password” box checked in a specific OU
# Windows Server 2016
# Powershell
Get-ADUser -Filter * -Properties CannotChangePassword -SearchBase “OU=specificOU,DC=TEST,DC=com” | where { $_.CannotChangePassword -eq “true” } | Format-Table Name, DistinguishedName