We may have a requirement to set a password for an individual user to never expire and in some cases requirement would be set a group of user’s password to never expire. We can set passwordneverexpires flag to Office 365 user by using the Azure AD powershell cmdlet Set-MsolUser.
Before porceed run the following command to connect Azure AD powershell module:
Import-Module MSOnline $msolCred = Get-Credential Connect-MsolService –Credential $msolCred
Run the below command to set an individual user’s password to never expire.
Set-MsolUser -UserPrincipalName [email protected] -PasswordNeverExpires $true
If you want to verify the PasswordNeverExpires setting has been applied or not, you can check it by using Get-MsolUser cmdlet.
Get-MsolUser -UserPrincipalName [email protected] | Select PasswordNeverExpires
Set Password Never Expire for Group of Users
In some situations, we may required to set specific type of user’s password to never expire (i.e. users who are in same department or same office). In this case, we need to first get users by applying filter in Get-MsolUser cmdlet and pipe the results to Set-MsolUser cmdlet.
Get-MsolUser -All | Where-Object { $_.Department -like '*Admin*'} | Set-MsolUser -PasswordNeverExpires $true
You can just remove the where-object check in above command if you want to set it for all users.
Set Bulk AD Users Password Never Expire from CSV
We can import users from csv file and set passwordneverexpires setting. Consider the CSV file office365users.csv which contains set of Office 365 users with the column header UserPrincipalName.
Import-Csv 'C:\office365users.csv' | ForEach-Object { $upn = $_."UserPrincipalName" Set-MsolUser -UserPrincipalName $upn -PasswordNeverExpires $true; }
Get all Users whose Password Never Expire
We can select all Azure AD users whose password never expire by using below command.
Get-MsolUser -All | Where-Object { $_.PasswordNeverExpires -eq $true} | Select DisplayName,UserPrincipalName
Use below command to export output to csv file.
Get-MsolUser -All | Where-Object { $_.PasswordNeverExpires -eq $true} | Select DisplayName,UserPrincipalName | Export-CSV "C:\PwdNeverExpireUsers.csv" -NoTypeInformation -Encoding UTF8