How to check the password expiration policy for users in AzureAD
What you will learn:This post will teach you how to check the password expiration policy for your users in AzureAD.
Step by step on how to check the password expiration policy:First of all, it is necessary to connect to Azure AD from PowerShell with the command below.
- Run PowerShell as administrator then Run the Connect-AzureAD cmdlet to connect an authenticated to Azure Active Directory.
- Enter your Azure administrator username
- Click next
- Enter your password Azure administrator password
This command connects the current PowerShell session to an Azure Active Directory tenant. The command prompts you for a username and password for the tenant you want to connect to. If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal authentication. To learn more about the Connect-AzureAD cmdlet check the Microsoft documentation.
If you connected successfully to AzureAD it should display the message below.
Now that you are connected to the AzureAD you have two options; We can ran a command to check the Password never expires setting for an individual user accountor to list the settings for all user accounts.
To see if a single user’s password is set to never expire, run the following cmdlet by using the UPN (example, test@tecknowledgebase.com) or the user ID of the user you want to check:
Get-AzureADUser -ObjectId test@tecknowledgebase.com | Select-Object @{N=”PasswordNeverExpires”;E={$_.PasswordPolicies -contains “DisablePasswordExpiration”}}
To see all users’s Password never expires setting, run the following cmdlet:
Get-AzureADUser -All $true | Select-Object UserPrincipalName, @{N=”PasswordNeverExpires”;E={$_.PasswordPolicies -contains “DisablePasswordExpiration”}}
After you finish working with AzureAD remember to Disconnect your session from the tenant.Use the Disconnect-AzureAD cmdlet which disconnects the current session from the Azure Active Directory tenant.
Comments ()