Mohammed Wasay

Tag: expires

  • Set password never to expire for users in a particular domain (Bulk mode)

    Set password never to expire for users in a particular domain (Bulk mode)

    Let me start by saying that I don’t recommend doing this at all.

    Password Never Expires is bad security practice, but there are situations that might require it.

    I had a similar request on how this could be done.

    Setting it for multiple users:

    #Connect of Office365
Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService –Credential $O365Cred 

#Get a List of user that belong to the second domain
$SDusers = Get-MsolUser -All -DomainName "yourseconddomain.com"

#Setting the password never to expire
ForEach($SDuser in $SDusers)
{
    Set-MsolUser -UserPrincipalName $SDuser -PasswordNeverExpires $true
}

    Setting it for a single user:

    Get-MSOLUser -UserPrincipalName [email protected] | Select PasswordNeverExpires

     

  • Bulk removal of Password Never Expires checkbox in AD

    No one intends this but it is a problem that sooner or later you will be come across in your system administrator career.

    I’ve see this resolved many different ways, but I like to narrow it down to a particular OU. Depending on your case you may want to clean this across the board in AD.

    Here is command prompt to the rescue:

    dsquery user "OU=Microsoft,DC=Redmond,DC=CORP,DC=LOCAL" -limit 4000 | dsmod user -pwdneverexpires no

    I haven’t tried this, but some have said the following works in Powershell:

    For OU:

    Get-ADUser -Filter {(ObjectClass -eq "user")} -SearchBase "OU=Offices,DC=Contoso,DC=com" | Set-ADUser -PasswordNeverExpires:$FALSE

    For AD:

    Get-ADUser -Filter {(ObjectClass -eq "user")} | Set-ADUser -PasswordNeverExpires:$FALSE