On my system (CentOS 5.5) there is not a -a option of passwd and the option -S (available only to root) requires a user name. Yyou can either create a list of users and execute the passwd -S command in a loop or parse the /etc/shadow file to check the second field. Locked accounts have one or two exclamation marks prepended to the second field so that
awk -F: '$2 ~ /^!/' /etc/shadow
should do the trick. If you want to exclude system users for which a password has been never set (hence the second field is just one or two exclamation marks) you can try
awk -F: '$2 ~ /^!+[^!]/' /etc/shadow
Hope this helps.