Enable or disable password expiration for Office365 users using Powershell

You can change the general password expiration policies in the online GUI but for individual users and to check the state you need to use powershell.

  1. First make sure you have installed the required module for powershell.
    – Azure Active Directory Module for Windows Powershell.
    On Windows 10 you can open powershell with run as administrator and run the command: Install-Module -Name MSOnline
    Or you can download the installer from:
    http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185
    You need the AdministrationConfig-V1.1.166.0-GA.msi file.
    – For this to install you need to have the Microsoft Online services sign-in assistant > 7.
    If you don’t have it you can download it from:
    https://www.microsoft.com/en-us/download/details.aspx?id=41950
  2. Now that we have the necessary software we can connect, start powershell for windows azure ad and execute:

    Connect-MsolService
  3. Check if password expiration is set for any of the users:
    Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
  4. Change password expiration for all users:
    Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
    Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $false
  5. Change password expiration for just one user:
    Set-MsolUser -UserPrincipalName u1@dm.tld -PasswordNeverExpires $true
    Set-MsolUser -UserPrincipalName u1@dm.tld -PasswordNeverExpires $false

Leave a Reply