Azure AD – set password to never expire

This post covers how to check & set a password to never expire on single or multiple Azure AD Accounts.

Note the accounts must be cloud based, if you are synching accounts from local AD to Azure AD, you need to set passwords to never expire on the local AD account.

Check

Single User

Check expiration policies for a single user’s password with the following cmdlet.

Get-AzureADUser -ObjectId UPN | Select-Object UserPrincipalName, @{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}

For example:

Get-AzureADUser -ObjectId steve.bush@x500.co.uk | Select-Object UserPrincipalName, @{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}

AzureADPassExpiry1

Multiple Users

Check expiration policies for multiple user’s passwords using a CSV input file with the following cmdlet.

The CSV file only needs to contain the UPN of the Azure AD users, e.g.

AzureADUPN
steve.test1@x500.co.uk
steve.test2@x500.co.uk
steve.text3@x500.co.uk
Import-CSV CommonAreaAccounts.csv | ForEach {
  Get-AzureADUser -ObjectId $_.AzureADUPN | Select-Object UserPrincipalName,@{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
 }
}

AzureADPassExpiry4

Set

Single User

Set a password to never expire for a single user’s password with the following cmdlet.

Set-AzureADUser -ObjectId UPN -PasswordPolicies DisablePasswordExpiration

For example:

Set-AzureADUser -ObjectId steve.bush@x500.co.uk -PasswordPolicies DisablePasswordExpiration

AzureADPassExpiry2

Multiple Users

Set a password to never expire for multiple user’s passwords using a CSV input file with the following cmdlet.

Use the same input CSV file as detailed above.

Import-CSV CommonAreaAccounts.csv | ForEach {
  Set-AzureADUser -ObjectId $_.AzureADUPN -PasswordPolicies DisablePasswordExpiration
}

AzureADPassExpiry5

Check the expiry has been set correctly by running Get-AzureADUser as detailed above.

AzureADPassExpiry6

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s