RE: Enabling "Enforce password expiration" on an account with an old password

  • If you're actually going to consistently follow one pattern (i.e. the domain 60 day password expiration), then I'd suggest mandating a simple SQL Server login policy. For instance:

    All SQL passwords change every 45 days (i.e. just over 2 weeks before they expire, in case of delays from vacations or whatnot).

    Abandon all efforts towards detection/notification of expired passwords - that's entirely the app's problem, and if you change passwords every 45 days, they'll never hit the 60 day expiration!

    Then automate the heck out of it. You can get (or have coded) a cryptographic pseudorandom number generator to generate passwords as part of ALTER LOGIN statements, then a script using sqlcmd to load them into the database, and some way of securely passing them out to the people who need them (this is likely to be the hardest and most painful part) for the applications.

    Note also that when you really get into the automation, the length no longer matters - a program comes up with them, a program changes them in SQL, a program changes them in the apps - no human even needs to know them. If you have a problem with one, tell the program to regenerate that one (instead of all of them) and update everything!

    Alternately, work with the app developers so that the apps have some sort of encrypted password/connection string stored, and the automation that gives SQL Server the new passwords also automatically updates the app passwords.
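One way to automate the rotation this post describes, as an added example that is not part of the post: a Python script that generates cryptographically random passwords, emits properly quoted ALTER LOGIN statements for sqlcmd, and records the 45-day due date. The 32-character length and any login names passed in are assumptions.

```python
import secrets
import string
from datetime import date, timedelta

ROTATION_DAYS = 45  # rotate well before the 60-day domain expiration, as the post suggests

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
SYMBOLS = "!#$%&*+-=?@^_~"  # no quotes or brackets, so the literal needs no escaping

def generate_password(length: int = 32) -> str:
    """Random password with one character guaranteed from each class (CHECK_POLICY complexity)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    chars = [secrets.choice(UPPER), secrets.choice(LOWER),
             secrets.choice(DIGITS), secrets.choice(SYMBOLS)]
    alphabet = UPPER + LOWER + DIGITS + SYMBOLS
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # don't leave the guaranteed classes at fixed positions
    return "".join(chars)

def meets_complexity(password: str) -> bool:
    """True when every character class is present (stricter than the 3-of-4 policy)."""
    return all(any(c in cls for c in password) for cls in (UPPER, LOWER, DIGITS, SYMBOLS))

def tsql_string(value: str) -> str:
    """T-SQL string literal: embedded single quotes are doubled."""
    return "'" + value.replace("'", "''") + "'"

def tsql_identifier(name: str) -> str:
    """Bracket-quoted identifier: embedded closing brackets are doubled."""
    return "[" + name.replace("]", "]]") + "]"

def alter_login_statement(login: str, password: str) -> str:
    # Setting the password in the same statement that turns CHECK_EXPIRATION on
    # restarts the expiration clock from today instead of the old password's date.
    return (f"ALTER LOGIN {tsql_identifier(login)} WITH PASSWORD = {tsql_string(password)}, "
            "CHECK_POLICY = ON, CHECK_EXPIRATION = ON;")

def rotation_script(logins, today=None):
    """Return (sqlcmd script, {login: new password}); `today` is an ISO date string."""
    start = date.fromisoformat(today) if today else date.today()
    due = start + timedelta(days=ROTATION_DAYS)
    lines = [f"-- generated {start.isoformat()}; next rotation due {due.isoformat()}"]
    new_passwords = {}
    for login in logins:
        new_passwords[login] = generate_password()
        lines.append(alter_login_statement(login, new_passwords[login]))
    # The script holds plaintext secrets: treat the file and the returned dict as such.
    return "\n".join(lines) + "\n", new_passwords
```

Run the resulting script with sqlcmd over an encrypted connection, then hand the new passwords to the application owners through whatever secure channel you settle on for the distribution step.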