To get user account names of all *active* Active Directory *user* accounts with passwords that do not expire, run this command on Linux (substitute your domain, your admin account, and your domain controller):
ldapsearch -b "dc=mydomain,dc=com" -D "cn=myAdminAccount,ou=Users,dc=mydomain,dc=com" -H ldap://mydomaincontroller/ -W -x '(&(objectclass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(objectclass=Computer)))' sAMAccountName | egrep "^#"
The "1.2.840.113556.1.4.803" is the ldap code for a bitwise compare, and 65536 (decimal) is 0x10000 (hex), which refers to the bit that identifies whether a password will expire. (if "on", password will not expire.) "2" refers to the bit that identifies whether an account is enabled or not.