There may be times when someone is required to bulk import user accounts into Active Directory. Depending upon the method used you can be left with accounts that were created that do not require any password. You can run the following script to locate such accounts
Get-ADUser -Filter ‘useraccountcontrol -band 32’ -Properties CanonicalName, PasswordNotRequired | FT SamAccountname, PasswordNotRequired, CanonicalName -autosize
These are best located before auditors or “friendly” hackers come in and locate them for you.