To totally unlock this section you need to Log-in
Login
Office 365 user’s password management versus the “Standard” Domain Active directory is a little restricted.
For example: configure password policy parameters such as – Enforce password history, Minimum password length, Password must meet complexity requirements cannot be configured by the Office 365 administrator.
At the current time, the options that related to Office 365 users password management are: reset the user password and setting the number of maximum number of days or password expiration (the default is 90 days). So, what are the options that are available for Office 365 user’s password management?
In this article we will review a couple of options. Some of the options can be managed by using the Office 365 web interface and some task only by using PowerShell.
Display and work with users
To display basic user information about the Office 365 users, use the Get-MsolUser cmdlet. To count the number of users, use the Measure-Object (measure is an alias) cmdlet. The use of these two cmdlets is shown in the image that follows:
It is pretty obvious from the previous image that we have 32 total users, but some are licensed and some are not. Therefore, we want to know how many of each type user exists. We can use the Group-Object cmdlet to figure this out. The best way to use Group-Object is to first sort the data and then group the data. The command is:
Get-MsolUser | Sort islicensed | group islicensed
This command displays the needed information, but the output is a bit clunky. This is because of the grouping information that says it is a bunch of user objects. We already knew that. Therefore, to clean up the list, we want to remove the element grouping information. To do that, we add the –noelement switch to the command. The output from the two commands is shown here:
We want to get a good list of users that are not licensed. We can do this by piping our list of users to Where-Object and filtering on the islicensed property. We come up with the following command:
Get-MsolUser | where {-not $_.islicensed}
That's inefficient. This is because it needs to get the list of users, and then filter them. So we use the Get-Command cmdlet, and we find that there is a switch parameter that we can use. The command is shown here:
Get-Command Get-MsolUser | select -expand Definition
The output from the command is shown here:
We re-run the command using the LicenseReconciliationNeededOnly switch parameter, and we can see the output is exactly the same.
Note: the switch parameter is really long, so please do not fool with trying to type it. Use Tab expansion until it appears. This will ensure that it is spelled correctly, and save at least 30 seconds of typing.
The output from the two commands is shown here:
Remove unlicensed users
To remove all the unlicensed users, here is the command that we will have to use:
Get-MsolUser -LicenseReconciliationNeededOnly | Remove-MsolUser –Force
Obvioulsy, the removed users will be still available on Office 365's Recycle Bin, and it is easy to recover the deleted users via the admin tool.
Set Password never expired for Office 365 user
Set-MsolUser –UserPrincipalName-PasswordNeverExpires $True
Set-MsolUser –UserPrincipalName [email protected] -PasswordNeverExpires $True
Disable Password never expired option for a Office 365 user
Set-MsolUser –UserPrincipalName-PasswordNeverExpires $False
Set-MsolUser -UserPrincipalName [email protected] -PasswordNeverExpires $False
Set Password never expired for ALL Office 365 users (Bulk Mode)
Get-MsolUser | Set-MsolUser –PasswordNeverExpires $True
Re-enable Password expired ( the default) for ALL Office 365 users (Bulk Mode)
Get-MsolUser | Set-MsolUser –PasswordNeverExpires $False
Set a Predefined Password for Office 365 user
Set-MsolUserPassword –UserPrincipalName–NewPassword -ForceChangePassword $False
Set-MsolUserPassword -UserPrincipalName [email protected] -NewPassword ww#322x -ForceChangePassword $False
Set a Predefined Password for Office 365 users imported from a CSV File
Step 1: Export Office 365 users account
Get-MsolUser | Select UserPrincipalName| Export-CSV
Step 2: Set a Predefined Password
Import-CSV |%{Set-MsolUserPassword -userPrincipalName $_.UserPrincipalName –NewPassword-ForceChangePassword $False}
Example: Step 1: Export Office 365 users account.
Get-MsolUser | Select UserPrincipalName|Export-CSV C:\Temp\o365users.csv
Import-CSV C:\Temp\o365users.csv |%{Set-MsolUserPassword -userPrincipalName $_.UserPrincipalName –NewPassword AbcAs123 -ForceChangePassword $False}
Create new Office 365 user and set a unique temporary password by import the information from CSV file:
Import-CSV –Path C:\Temp\users.csv| ForEach-Object { New-MsolUser -UserPrincipalName $_.UserPrincipalName -FirstName $_.FirstName -LastName $_.LastName -DisplayName "$($_.FirstName) $($_.LastName)" –Password $_.Password –UsageLocation “US” }
Set a Temporary Password for a specific user
Set-MsolUserPassword –UserPrincipalName–NewPassword -ForceChangePassword $True
Set-MsolUserPassword -UserPrincipalName [email protected] -NewPassword ww@322x -ForceChangePassword $True
Set a Temporary Password for all Office 365 users (Bulk Mode)
Get-MsolUser | Set-MsolUserPassword –NewPassword-ForceChangePassword $False
Get-MsolUser | Set-MsolUserPassword -NewPassword ww#322x -ForceChangePassword $False
Set Office 365 Password Policy
Set-MsolPasswordPolicy -DomainName-NotificationDays –ValidityPeriod
Set-MsolPasswordPolicy -DomainName o365info.com -NotificationDays 15 -ValidityPeriod 180
Display Password settings for all Office 365 users
Get-MsolUser | Select UserPrincipalName,PasswordNeverExpires
Display information about Office 365 Password Policy
Get-MsolPasswordPolicy –DomainName
Get-MsolPasswordPolicy –DomainName o365info.com