Users unable to change passwords

One gotcha to be aware of when changing password polices in Office 365 is this – once you change the password policy so that passwords never expire, your users will be unable to change their passwords in the Self Service options. The error that they’ll see doesn’t really tell you much:

The tricky thing about this is that the Office 365 Admin Center doesn’t show you when the password policy is set to never expire – here’s an example of a tenancy where passwords are set to never expire:

You’ll notice that it still shows 730 days (2 years is the maximum time frame you can enter into that field) in the password expiry field – this is because the password expiration policy is set globally, but through PowerShell it’s set on a per user basis. You’ll need to dive into PowerShell to find the truth of the matter.

To verify that password expiry is set to never expire, run the following command:

Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires

This shows that some users have been set to never expire, while any user created after that will (by default) inherit the global password expiry policy.

To set the password expiry policy to never expire for an individual user, run the following command:

Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true

If you want to change the policy for all users then run the following:

Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true

Just make sure you let your users know that they’ll need to have their password reset by an administrator if they forget it, and you’re good to go.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.