My thanks to Stoch Tech Group’s blog for this most useful set of Powershell commands, to set the password no-expiration policy for a domain with Office 365, reprinted here for the sake of my own documentation.
- First you need a system with Microsoft Powershell installed. You can download this and find installation instructions for Powershell here.
- Then you need to have the Microsoft Online Services Module installed which you can download here.
- Now you will need to run the following commands in order.
- $LiveCred = Get-Credential – You should then be prompted for your Office 365 admin credentials.
- $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection – You should see a few messages about redirection and then be returned to the prompt.
- Import-PSSession $Session – You will again see a few messages on screen and should then be returned to the prompt. At this point we are connected and ready to work.
- Connect-MSOLService – Connect to the MSOL Service
- Get-MSOLUser – This will provide a list of the users and their User Principal Name which we will need for the next step.
- Set-MSOLUser -UserPrincipalName firstname.lastname@example.org -PasswordNeverExpires $true -StrongPasswordRequired $true – This will change a single user account’s password to never expire. If you want to change all user accounts use the next command.
- Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true – This will set all accounts to have non expiring passwords.
- Remove-PSSession $Session – Clean up and close our session when done.
Getting MS to allow a no-expiration policy for my small business customers was the holy grail of my first 12 months for customers we moved to on Online Services > Office 365.
Being a fairly small IT shop, but with several business customers and lots of users on Office 365, each time a user would not renew their password in time (why do they ignore warning messages?), we were required to drop everything to go and reset. We literally moved 5 or more business back off MS’ service purely due to the management overheads it caused. Allowing a no-expiration policy was the most sensible thing MS did for Office 365 small business customers.
Going back to my own exchange with 365 support, this was their instruction set at the time, which worked for me:
Issue Description: Password policy needs amending to NO EXPIRATION
Use this link to connect to PowerShell Microsoft Online Services Module for Windows PowerShell
Click Start > All Programs > Microsoft Online Services (Folder) and select Microsoft Online Services Module for Windows PowerShell
- Type the administrator credential.
Run this command to connect to Office 365:
Connect-MsolService -Credential $cred
For this way you won’t need the connection to exchange online using the long link
Set password never expire for all user
Get-MSOLUser | set-msoluser -PasswordNeverExpires $true
You don’t have to change nothing with this command
For everybody in the organization
Check what users have the password never expire
Get-MSOLUser | select user*, password*
This command will show if all user has activated as “true”
Running all of this should then allow you to get the following output:
PS C:\Windows\system32> $cred=Get-Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
PS C:\Windows\system32> Connect-MsolService -Credential $cred
PS C:\Windows\system32> Get-MSOLUser | set-msoluser -PasswordNeverExpires $true
PS C:\Windows\system32> Get-MSOLUser | select user*, password*