I want to find the list of users whose accounts are set to "cannot change password". How can I find them with an LDAP query? A script is also appreciated. I just need to get the list.
This LDAP search filter should find what you have asked:
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=64))
This works due to the Bitwise operation Extensible Match Rules provided within Active Directory.
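The following added example (not part of the original answer) models how the bitwise extensible match rule in the filter above compares its value against a stored integer attribute. It goes slightly beyond the answer by also covering the companion OR rule, 1.2.840.113556.1.4.804. The helper names and the sample entries are constructed for illustration, and the code only evaluates the integer it is given for userAccountControl.

```python
import re

# Active Directory extensible match rule OIDs for integer attributes.
BIT_AND = "1.2.840.113556.1.4.803"  # match when ALL bits of the value are set
BIT_OR = "1.2.840.113556.1.4.804"   # match when ANY bit of the value is set

# One filter item of the form (attr:oid:=decimal)
ASSERTION = re.compile(r"^\((\w+):([\d.]+):=(\d+)\)$")

def parse_assertion(text):
    """Split '(attr:oid:=value)' into (attr, oid, int(value))."""
    m = ASSERTION.match(text.strip())
    if not m:
        raise ValueError(f"not a bitwise extensible match: {text!r}")
    attr, oid, value = m.groups()
    if oid not in (BIT_AND, BIT_OR):
        raise ValueError(f"unsupported matching rule: {oid}")
    return attr, oid, int(value)

def matches(entry, assertion):
    """Evaluate one bitwise assertion against a dict-shaped entry."""
    attr, oid, mask = parse_assertion(assertion)
    if attr not in entry:
        return False  # an absent attribute never matches
    stored = int(entry[attr])  # LDAP returns integers as decimal strings
    if oid == BIT_AND:
        return stored & mask == mask
    return stored & mask != 0

def search(entries, assertion):
    """Return the sAMAccountName of every entry that matches."""
    return [e["sAMAccountName"] for e in entries if matches(e, assertion)]

# Constructed sample entries (not real directory data).
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},      # 512
    {"sAMAccountName": "bob", "userAccountControl": "576"},        # 512 + 64
    {"sAMAccountName": "carol", "userAccountControl": "514"},      # 512 + 2
    {"sAMAccountName": "svc-app", "userAccountControl": "66112"},  # 65536 + 512 + 64
    {"sAMAccountName": "contact1"},                                # attribute absent
]

if __name__ == "__main__":
    print(search(SAMPLE, "(userAccountControl:1.2.840.113556.1.4.803:=64)"))
```

With a multi-bit value such as 66 (64 + 2), the AND rule requires both bits to be set on the same entry, while the OR rule matches entries carrying either one.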