Tags

, , , ,

My thanks to Stoch Tech Group’s blog for this most useful set of Powershell commands, to set the password no-expiration policy for a domain with Office 365, reprinted here for the sake of my own documentation.

http://stgtech.blogspot.com/2011/12/office-365-set-password-never-expires.html?showComment=1347631636769#c7274575091338521665

  • First you need a system with Microsoft Powershell installed. You can download this and find installation instructions for Powershell here.
  • Then you need to have the Microsoft Online Services Module installed which you can download here.
  • Now you will need to run the following commands in order.
  • $LiveCred = Get-Credential – You should then be prompted for your Office 365 admin credentials.
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection – You should see a few messages about redirection and then be returned to the prompt.
  • Import-PSSession $Session – You will again see a few messages on screen and should then be returned to the prompt. At this point we are connected and ready to work.
  • Connect-MSOLService – Connect to the MSOL Service
  • Get-MSOLUser – This will provide a list of the users and their User Principal Name which we will need for the next step.
  • Set-MSOLUser -UserPrincipalName user@domain.com -PasswordNeverExpires $true -StrongPasswordRequired $true – This will change a single user account’s password to never expire. If you want to change all user accounts use the next command.
  • Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true – This will set all accounts to have non expiring passwords.
  • Remove-PSSession $Session – Clean up and close our session when done.

Getting MS to allow a no-expiration policy for my small business customers was the holy grail of my first 12 months for customers we moved to on Online Services > Office 365.

Being a fairly small IT shop, but with several business customers and lots of users on Office 365, each time a user would not renew their password in time (why do they ignore warning messages?), we were required to drop everything to go and reset.   We literally moved 5 or more business back off MS’ service purely due to the management overheads it caused.    Allowing a no-expiration policy was the most sensible thing MS did for Office 365 small business customers.

*************************************************************

Going back to my own exchange with 365 support, this was their instruction set at the time, which worked for me:

Issue Description: Password policy needs amending to NO EXPIRATION

Use this link to connect to PowerShell Microsoft Online Services Module for Windows PowerShell

Do this

Click Start > All Programs Microsoft Online Services (Folder) and select Microsoft Online Services Module for Windows PowerShell

  • Run the command below:

$cred=Get-Credential

Then

  • Type the administrator credential.

Run this command to connect to Office 365:

Connect-MsolService -Credential $cred

For this way you won’t need the connection to exchange online using the long link

 

Set password never expire for all user

Get-MSOLUser | set-msoluser -PasswordNeverExpires $true

You don’t have to change nothing with this command

For everybody in the organization

After that

Check what users have the password never expire

Get-MSOLUser | select user*, password*

This command will show if all user has activated as “true”
Running all of this should then allow you to get the following output:

PS C:\Windows\system32> $cred=Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Windows\system32> Connect-MsolService -Credential $cred
PS C:\Windows\system32> Get-MSOLUser | set-msoluser -PasswordNeverExpires $true
PS C:\Windows\system32> Get-MSOLUser | select user*, password*

UserPrincipalName                                          PasswordNeverExpires
—————–                                          ——————–
customer@domain.com                                      True
admin@domain.com                                    True
customer@domain.com                                          True
customer@domain.com                                                   True
customer@domain.com                                                  True
customer@domain.com                                                  True
customer@domain.com                                                     True
customer@domain.com                                                     True
PS C:\Windows\system32>

Advertisements