Solution 1:

Enabling "Password never expires" will override any password expiration policy you configure in Group Policy.

But you can configure this setting much faster, without using dsa.msc. To list all user accounts with "Password never expires" set:

dsquery *  -filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0

To disable the setting for these users:

dsquery *  -filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0 | dsmod user -pwdneverexpires no

Solution 2:

If "Password never expires" is set in AD, your group policy will not force them to change their passwords. Everything else in GP will apply to the accounts though.

Instead of unchecking everyone's account, you can do a bulk property edit by selecting multiple users (or all users) in an OU and editing the property once to state that passwords do expire.