blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

Passwordneverexpires-How to disable password policy settings in BPOS and Office 365 with PowerShell

Office 365 has a password policy, which is by default set to expire on a regular basis (90 days). There are some guidelines which help to make sure that the password is secure:

  • Use 8 to 16 characters
  • combination of upper- and lowercase letters
  • at leat one numer or one symbol (be aware that the symbol is available in every language on every keyboard)
  • Do not use spaces, tabs, line breaks, your user name

Each user is able to change his password at any time. If a user forgets his password it can be reset by an Office 365 administrator.

In some cases – for example for service accounts – it is useful to change the password expiration policy to never expire.

In this post I will show you how you can disable the password expiration for Office 365 and for BPOS as well.

Password Policy change to never expire in Office 365

In office 365 you need only two lines to disable the password policy. First open the Microsoft Online Services Modul for Windows Powershell. (Download: 32bit or 64bit).

Connect to Office 365

Connect-MsolService

In the dialog enter the credentials of an administrator:

image

To change a single user:

Set-MsolUser -UserPrincipalName <username> -PasswordNeverExpires $True

To change all users at once:

Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True

image

That’s it. You can control the result with the following command:

Get-MsolUser | fl

Password Policy change to never expire in BPOS

You can also change the password policy for former BPOS accounts. Here we use a csv-File, which contains all enabled users: First of all you need PowerShell for Migration (Download 32bit and 64bit).

Our first step is to export all users to a csv-File.

$Cred = Get-Credential
Get-MSOnlineUser -Credential $Cred -Enabled | select-object -property Identity | export-csv C:\data\user.csv

Now you find a csv-File with your enabled BPOS Users.

Our Script looks like that:

$Cred = Get-Credential
$Users = Import-Csv -Path "C:\data\user.csv"
ForEach($User in $Users)
{
        $User.Identity
        Set-MSOnlineUserPasswordNeverExpire –Identity $User.Identity –PasswordNeverExpire $true –Credential $Cred
}

Save the script as disableexpire.ps1 in the same directory as your user.csv file.

In PowerShell start the script with this command:

&"C:\Data\disableexpire.ps1"

This is the result:

image

All user account expiration settings have been changed.

Please be aware that it is – for security reasons – a good idea to change your passwords frequently!



Loading