For large enterprise environments with clearly defined security policies (and helpdesks with plenty of support staff) it makes sense to have users change their passwords every so often. However, if you work in a small office having Office 365 force you to change your password can be annoying and disruptive, especially if you have many devices connected to the same mailbox.
Through the Office365 Admin panel you can change the “Days before passwords expire” value, but this has a limitation of 730 days. A pretty long time, but still you will have that thought in the back of your mind that one day you’re going to have to deal with updating your password.
Fortunately, via Windows PowerShell you can make it so that either a specific user account or all accounts on your Office365 domain will not ever be prompted to reset passwords.
You need these two programs:
Microsoft Online Services Module for Windows PowerShell
32bit – http://g.microsoftonline.com/0BX10EN/230
64bit – http://g.microsoftonline.com/0BX10EN/423
The Microsoft Online Services Sign-In Assistant 7.0
32bit – http://g.microsoftonline.com/0BX00en/500
64bit – http://g.microsoftonline.com/0BX00en/501
Launch PowerShell and execute the following commands in order:
1)
Import-Module msonline
(Import the module)
2)
$cred = Get-Credential
(Create a credential-object stored in the variable $credimp)
3)
Connect-MsolService -cred $cred
(Create a new remote PowerShell connection against the PowerShell endpoint for Office 365)
NOTE: You may receive a warning message, but it is OK to continue, the commands will still work.
WARNING: There is a newer version of the Microsoft Online Services Module. Your current version will still work as expected, however the latest version can be downloaded at https://portal.microsoftonline.com.
If you want to check if all the users have “Password never expires” setting enabled or disabled run this command:
Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
How to enable the “Password never expires” setting for all users:
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
How to enable the “Password never expires” setting for a single user:
Set-MsolUser -UserPrincipalName <Microsoft Online Services ID> -PasswordNeverExpires $true
To check a single user to see if the “Password never expires” setting enabled or disabled run this command:
Get-MSOLUser -UserPrincipalName <Microsoft Online Services ID> | Select PasswordNeverExpires
To check a single user for not only the “Password never expires” setting, but more in depth information use this command:
Get-MSOLUser -UserPrincipalName <Microsoft Online Services ID> | FL
Optional – You can see / list all available commands by using the following:
Get-Command –Module msonline
That’s all you have to do. Just remember that when you create a NEW user, you will need to issue the above commands against that new user account (or the entire domain again) to set the PasswordNeverExpires flag for the new account.
Thanks for reading! Good luck!
Leave A Comment