If you have ever tried to tweak the password policy in Office365 then you have likely encountered this warning.
Unfortunately, this restricts us to a password that can never be used for more than 730 days (2 years). Anything outside that range and you receive an error like the one above.
Does this mean that a password must expire?
Well, no, it does not have to.
Now password expiration is a best practice but, you may have a situation that necessitates having a more permanent password. One such example could be a service account for a network copier. The copier would use this account to perform scan-to-email functions. A user would scan a hardcopy of a document into the scanner and send it to email leveraging Office 365.
Most likely, you are never going to log with the scanner account. This means you will never see the expiration notice. You could set up a calendar reminder for yourself. You could also plaster your monitor with sticky notes. But, more than likely, your scan-to-email will break one day and leave you scratching your head as to why.
So, how do you set a password to never expire? The Admin Center gives you an error. So, what is left?
Yep, you guessed it — PowerShell.
To connect PowerShell to Office 365 there are a number of prerequisites. Take a moment to check out this article on how to get those configured.
http://supertekboy.com/2014/02/20/office-365-how-to-connect-with-powershell/
Now that you have those prerequisites met, let’s connect with PowerShell.
You should have an icon named Windows Azure Active Directory Module for Windows PowerShell. Right-click on this icon and select Run As Administrator from the context menu.
At the PowerShell prompt enter the following command and hit enter.
C:\> Set-ExecutionPolicy –ExecutionPolicy RemoteSigned
When prompted hit enter. (It defaults to Yes.)
Let’s put our administration credentials for Office 365 in a variable. Issue the following command and hit enter.
C:\> $super_creds=Get-Credential
You will then be prompted for credentials for a separate dialog box. Enter your Office 365 global administrator email address and password. Click the Ok button.
And finally, let’s connect to Office 365 with the following command.
C:\> Connect-MsolService –Credential $super_creds
Now, let’s do some damage. A quick way to see which accounts are set to expire is to use the Get-MSOLUser command.
C:\> Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
If you just needed to find the results for a single user just add the -UserPrincipalName switch.
C:\> Get-MSOLUser -UserPrincipalName khan@daleksofskaro.com | Select PasswordNeverExpires
To set the password to never expire for one user, issue the following cmdlet with the Boolean set to true.
C:\> Set-MSOLUser -UserPrincipalName khan@daleksofskaro.com -PasswordNeverExpires $true
If you need to do this for all users you can pipe the Get-MSOLUser cmdlet into the Set-MSOLUser cmdlet.
C:\> Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true
If you need to revert any of these changes, so passwords expire once more, simply repeat the command and switch the Boolean to $false.
Let me know how this works for you and please, feel free to share your own great PowerShell cmdlets in the comments below! Also, for more great tips be sure to sign up for our newsletter. The form is just below.
Hi Gareth,
Thanks for the post.
Is there any way you can create a script with these PS commands? because I think its not possible to run these commands every time you create a new user, instead if there’s a script then you can schedule it to run may be every week / month.
Hope it makes sense.