

Office 365 - Non-Federated Identity, Password never expires

The Microsoft Online Services Module allows you to manage your tenant directly and, in some cases, change settings you can't change in the GUI. Note that this only applies to accounts that were created in the tenant, i.e. not created using DirSync/ADFS. To access Remote PowerShell to the Service Portal you will need to install the following prerequisites:

  • Operating system: Use Windows 7 or Windows Server 2008 R2.
  • Microsoft .NET Framework: You must turn on the Microsoft .NET Framework 3.51 feature in Windows 7 or Windows Server 2008 R2.
  • Windows PowerShell 2.0 and AD FS 2.0: In order to run the cmdlets to set up single sign-on, you must turn on the Windows PowerShell 2.0 feature, and you must have administrator privileges on the AD FS 2.0 server. We recommend that you use remote access to the AD FS 2.0 server when you run the cmdlets; to do this you must use Windows PowerShell remoting.
  • All Office 365 software updates: From the Office 365 downloads page, install the required updates. To access the Office 365 downloads page, sign in to the Office 365 portal, and, under Resources, click Downloads. These updates are required because the features in Office 365 will not work properly without the appropriate versions of operating systems, browsers, and software.
  • Sign-In Assistant

Download the Microsoft Online Services Module

The Microsoft Online Services Module for Windows PowerShell is a download that comes with Office 365. This tool installs a set of cmdlets to Windows PowerShell (you run those cmdlets to set up single sign-on for Office 365).

In this case I want to stop user(s) from being prompted to change their password. To do this, run the Microsoft Online Services Module from the shortcut menu and connect to your Office 365 tenant by running the following commands:

  • $MSOLCred = Get-Credential
  • Connect-MsolService -Credential $MSOLCred -Verbose

You will need to enter your tenant credentials. Once you have done this, you can check the current settings by running:

  • Get-MsolUser -UserPrincipalName <UPNName> | fl

Note that PasswordNeverExpires is set to False. You can then change the setting for either that individual user or all users:

  • All users - Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True
  • Individual user - Set-MsolUser -UserPrincipalName <UPNName> -PasswordNeverExpires $True

Run this command again to ensure that the settings have taken effect and that PasswordNeverExpires is set to True:

  • Get-MsolUser -UserPrincipalName <UPNName> | fl

Also, if you don't want the user to be prompted when they log in, you can run the following command:

  • Set-MsolUserPassword -UserPrincipalName <UPNName> -NewPassword "P@ssword" -ForceChangePassword $false
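To review the result across the whole tenant rather than one user at a time, the following added example (not from the original post) lists every account with PasswordNeverExpires set and flags admin role members and directory-synced accounts, oldest password first. The function names, sample objects and contoso.example addresses are constructed for illustration; the properties read are those returned by Get-MsolUser.

```powershell
# Added example, not from the original post. Function names and sample data are constructed.
function Get-NonExpiringPasswordReport {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Users,  # objects from Get-MsolUser
        [object[]] $AdminObjectIds = @(),                   # ObjectIds of role members
        [datetime] $Now = (Get-Date)
    )
    $Users | Where-Object { $_.PasswordNeverExpires -eq $true } | ForEach-Object {
        # A missing timestamp is reported as unknown (-1) instead of failing.
        $age = -1
        if ($_.LastPasswordChangeTimestamp) {
            $age = [int][math]::Floor(($Now - $_.LastPasswordChangeTimestamp).TotalDays)
        }
        New-Object PSObject -Property @{
            UserPrincipalName = $_.UserPrincipalName
            IsAdmin           = ($AdminObjectIds -contains $_.ObjectId)
            DirSynced         = ($null -ne $_.LastDirSyncTime)
            PasswordAgeDays   = $age
        }
    } | Sort-Object PasswordAgeDays -Descending |
        Select-Object UserPrincipalName, IsAdmin, DirSynced, PasswordAgeDays
}

# Constructed sample objects using the Get-MsolUser property names read above.
function New-SampleUser($Upn, $Id, $NeverExpires, $Changed, $Synced) {
    New-Object PSObject -Property @{
        UserPrincipalName = $Upn; ObjectId = [guid]$Id; PasswordNeverExpires = $NeverExpires
        LastPasswordChangeTimestamp = $Changed; LastDirSyncTime = $Synced
    }
}
$adminId = '11111111-1111-1111-1111-111111111111'
$sample = @(
    (New-SampleUser 'admin@contoso.example' $adminId $true ([datetime]'2011-01-10') $null),
    (New-SampleUser 'user1@contoso.example' '22222222-2222-2222-2222-222222222222' $true ([datetime]'2011-11-01') $null),
    (New-SampleUser 'user2@contoso.example' '33333333-3333-3333-3333-333333333333' $false ([datetime]'2011-12-01') $null)
)
Get-NonExpiringPasswordReport -Users $sample -AdminObjectIds @([guid]$adminId) `
    -Now ([datetime]'2012-01-10') | Format-Table -AutoSize

# Against a live tenant, after Connect-MsolService:
#   $ids = Get-MsolRole | ForEach-Object { Get-MsolRoleMember -RoleObjectId $_.ObjectId } |
#          ForEach-Object { $_.ObjectId }
#   Get-NonExpiringPasswordReport -Users (Get-MsolUser -All) -AdminObjectIds $ids
```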

To see the list of available commands, run:

  • Get-Command -Module MSOnline

This is the output. As you can see, it's a pretty powerful tool; for example, you can automate the provisioning of licenses:

Add-MsolGroupMember

Add-MsolRoleMember

Confirm-MsolDomain

Connect-MsolService

Convert-MsolDomainToFederated

Convert-MsolDomainToStandard

Convert-MsolFederatedUser

Get-MsolAccountSku

Get-MsolCompanyInformation

Get-MsolContact

Get-MsolDomain

Get-MsolDomainFederationSett.

Get-MsolDomainVerificationDns

Get-MsolFederationProperty

Get-MsolGroup

Get-MsolGroupMember

Get-MsolPartnerContract

Get-MsolPartnerInformation

Get-MsolRole

Get-MsolRoleMember

Get-MsolSubscription

Get-MsolUser

Get-MsolUserRole

New-MsolDomain

New-MsolFederatedDomain

New-MsolGroup

New-MsolLicenseOptions

New-MsolUser

Remove-MsolContact

Remove-MsolDomain

Remove-MsolFederatedDomain

Remove-MsolGroup

Remove-MsolGroupMember

Remove-MsolRoleMember

Remove-MsolUser

Set-MsolADFSContext

Set-MsolCompanyContactInform.

Set-MsolCompanySettings

Set-MsolDirSyncEnabled

Set-MsolDomain

Set-MsolDomainAuthentication

Set-MsolDomainFederationSett.

Set-MsolGroup

Set-MsolPartnerInformation

Set-MsolUser

Set-MsolUserLicense

Set-MsolUserPassword

Set-MsolUserPrincipalName

Update-MsolFederatedDomain

 

Written by Daniel Kenyon-Smith