Tuesday, 25 October 2016

Set Office 365 User Password Never Expire using Powershell

We may have a requirement to set a password for an individual user to never expire and in some cases requirement would be set a group of user's password to never expire. We can set passwordneverexpires flag to Office 365 user by using the Azure AD powershell cmdlet Set-MsolUser.

Before porceed run the following command to connect Azure AD powershell module:
Import-Module MSOnline
$msolCred = Get-Credential
Connect-MsolService –Credential $msolCred
Run the below command to set an individual user’s password to never expire.
Set-MsolUser -UserPrincipalName user@yourdomain.onmicrosoft.com -PasswordNeverExpires $true
If you want to verify the PasswordNeverExpires setting has been applied or not, you can check it by using Get-MsolUser cmdlet.
Get-MsolUser -UserPrincipalName user@yourdomain.onmicrosoft.com | Select PasswordNeverExpires

Set Password Never Expire for Group of Users

In some situations, we may required to set specific type of user's password to never expire (i.e. users who are in same department or same office). In this case, we need to first get users by applying filter in Get-MsolUser cmdlet and pipe the results to Set-MsolUser cmdlet.
Get-MsolUser -All | Where-Object { $_.Department -like '*Admin*'} | Set-MsolUser -PasswordNeverExpires $true
You can just remove the where-object check in above command if you want to set it for all users.

Set Bulk AD Users Password Never Expire from CSV

We can import users from csv file and set passwordneverexpires setting. Consider the CSV file office365users.csv which contains set of Office 365 users with the column header UserPrincipalName.
Import-Csv 'C:\office365users.csv' | ForEach-Object {
$upn = $_."UserPrincipalName"
Set-MsolUser -UserPrincipalName $upn -PasswordNeverExpires $true;

Get all Users whose Password Never Expire

We can select all Azure AD users whose password never expire by using below command.
Get-MsolUser -All | Where-Object { $_.PasswordNeverExpires -eq $true} |
Select DisplayName,UserPrincipalName
Use below command to export output to csv file.
Get-MsolUser -All | Where-Object { $_.PasswordNeverExpires -eq $true} | 
Select DisplayName,UserPrincipalName |
Export-CSV "C:\\PwdNeverExpireUsers.csv" -NoTypeInformation -Encoding UTF8


No comments:

Post a Comment