To obtain a report of all user profiles on the system, use the PRTUSRPRF command.
The first report lists the users by group if they exist (finance, bud, schools, etc) as well as any special authority, user class (user, system operator, programmer, security officer, etc), and whether they have limited capability.
The second report shows the user name, the status (*enabled or *disabled), number of not valid signons, whether the user profile has a password or not, previous sign on, password last change date, the password expiration interval (if this says *sysval, the system value QPWDEXPITV needs to be reviewed), and whether the password has expired or not.
The third report shows password levels (level 0 -1 supports 10 character passwords, level 2-3 supports passwords of up to 128 characters)