Forum Discussion

Brass Contributor

Sep 17, 2017

Solved

set password expiry in O365

can i set password expiry for certain select group of users to get them to change their password regularly ? currently, the system policy is set to 180 days expiry date. but we noticed that some us...

office 365

Aljohn Bonifacio
Sep 18, 2017
If you set password expiry in O365, it will apply to all users. What you need to do to exempt is to set individual users password to never expire. You can do this via Powershell: https://support.office.com/en-us/article/Set-an-individual-user-s-password-to-never-expire-f493e3af-e1d8-4668-9211-230c245a0466

Also, you can set all users first to never expire,
Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true
then change individually selected users to password that expires.
Set-MSOLUser -UserPrincipalName <alias> -PasswordNeverExpires $false

Deleted

Jul 13, 2018

Is possible to set password expired and not PasswordNeverExpires for single user?

Nestori Syynimaa

MVP

Jul 15, 2018

You can set the password to never expire for a single user using the following PowerShell command:

Set-MsolUser -UserPrincipalName <your user> -PasswordNeverExpires $true

To force a single user to change the password during the next login, use the following command:

Set-MsolUserPassword -UserPrincipalName <your user> -ForceChangePassword $true

Please note that these commands only affects the users whose passwords are in the cloud. I.e. you are not using password hash sync, federated identity, passthru authentication, etc.

Deleted
Jul 16, 2018
Ok, thank you very much.
I have a hybrid configuration in the company. Users on premise with ADSync synchronization in Office 365 and users who only have cloud mail in O365.
I need to set the GPOs for password expiration in active directory and also expire users who are on the cloud. By setting the password expiration on the cloud, do I conflict that the gpo I have set in active directory?
I understand that cloud users take the password expiration rule from Office 365, in the security and privacy section, while an on-premise user who has the GPOs in AD set, also acquires the password expiration rules that are in O365?
- Nestori Syynimaa
  MVP
  Jul 16, 2018
  Do you have also the password sync enabled? If so, all password policies are managed in on-prem AD and O365 expiration rules etc. do not apply for synced users.
  - Deleted
    Sep 18, 2018
    hi, I tested a user in active directory on premise. I set the mandatory password change at the next user login, with powershell on O365. Then I tried to log in to O365 and rightly asked me to change my password. Then I synchronized the password between AD and O365 (my synchronization works only from AD to O365) I would have expected to access O365 with the password of the user set in AD instead it is not. To log in I must use the previous password reset with the Powershell command on O365. In active directory instead I log in with the old password. Is it right that it works like this or is there some configuration error?