Tuesday, September 4, 2012

Office 365, PowerShell and passwords

Since, as I know, most of us are familiar with Office 365, and maybe even using it. But most of us never do things than what the Office 365 Management site gives us. But then comes this day when you are assigned to do the things we can't do with the management service, like it happened to me.
Today I was asked to set the user passwords to some of our customers to never expire. Quite simple task in Active Directory if you ask me, but that's not the case in Office 365. You have to do this in PowerShell.
So I'll brick this post in two: The first part will show you how to connect to Exchange online in Office 365 using PowerShell, and the second will show you how to set the passwords to never expire.
I also encourage any system administrators to get more familiar with PowerShell and at least get the basic idea behind it. It will greatly assist you in understanding the principles of today ways of administration.

Instead of letting you dig trough this page at microsoft (link), I'll tell you what you need.
First, install Microsoft Online Services Sign-in Assistant:

Second, Install the Microsoft Online Services Module for Windows PowerShell:

Now, find and open Microsoft Online Services Module for Windows PowerShell from the start menu.

Enter this command after:
$LiveCred = Get-Credential
Enter your Office 365 Admin credentials (full email address and password).

This command will create a new PowerShell parameter $LiveCred with the credentials you are going to connect with. After that enter this command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
This will create a new parameter $Session with the connection parameters.  > 
  Now let's open a new session:
Import-PSSession $Session

And connect to Office 365:
Connect-MsolService -Credential $LiveCred

Finally we're ready to execute the commands to Office 365.

Warning! Be careful with what you type, the below cmdlet's can cause you a lot of trouble!

Let's see our issue with passwords:
Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
You can see a table with the username and a PasswordNeverExpires state (I have blanked the usernames). Some of them are blank, and some of them are set to false. Both of them means that the password is set to expire. So let's change it to never expire.

You can either make it per user:
Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true
Change to the user name (usually email address).
or all users:
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

change $true to $false if you want to set it to expire again:
One user -
Set-MsolUser -UserPrincipalName -PasswordNeverExpires $false
All users -
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $false

But we're not done yet!
Yes, we've made our changes, but we must not forget to close the session. As said on this page:
If you close the Windows PowerShell window without disconnecting from the server-side session, your connection will remain open for 15 minutes. Your account can only have three connections to the server-side session at one time.
Here's how we close our session:
Remove-PSSession $Session
$session is the parameter name we set when created the session.

Now we're done.
Hope it helped you guys!

No comments:

Post a Comment

Ansible and Jinja2: Check if variable is defined and it's True

Jinja2 provides you with a built in test: http://jinja.pocoo.org/docs/2.10/templates/#defined So you can simply use: However, if you...