This post covers how to check & set a password to never expire on single or multiple Azure AD Accounts.
Note the accounts must be cloud based, if you are synching accounts from local AD to Azure AD, you need to set passwords to never expire on the local AD account.
Check
Single User
Check expiration policies for a single user’s password with the following cmdlet.
Get-AzureADUser -ObjectId UPN | Select-Object UserPrincipalName, @{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"} }
For example:
Get-AzureADUser -ObjectId steve.bush@x500.co.uk | Select-Object UserPrincipalName, @{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"} }
Multiple Users
Check expiration policies for multiple user’s passwords using a CSV input file with the following cmdlet.
The CSV file only needs to contain the UPN of the Azure AD users, e.g.
AzureADUPN steve.test1@x500.co.uk steve.test2@x500.co.uk steve.text3@x500.co.uk
Import-CSV CommonAreaAccounts.csv | ForEach { Get-AzureADUser -ObjectId $_.AzureADUPN | Select-Object UserPrincipalName,@{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"} } }
Set
Single User
Set a password to never expire for a single user’s password with the following cmdlet.
Set-AzureADUser -ObjectId UPN -PasswordPolicies DisablePasswordExpiration
For example:
Set-AzureADUser -ObjectId steve.bush@x500.co.uk -PasswordPolicies DisablePasswordExpiration
Multiple Users
Set a password to never expire for multiple user’s passwords using a CSV input file with the following cmdlet.
Use the same input CSV file as detailed above.
Import-CSV CommonAreaAccounts.csv | ForEach { Set-AzureADUser -ObjectId $_.AzureADUPN -PasswordPolicies DisablePasswordExpiration }
Check the expiry has been set correctly by running Get-AzureADUser as detailed above.