8

Force password change for all users in Office 365

 3 years ago
source link: https://www.michev.info/Blog/Post/1419/force-password-change-for-all-users-in-office-365
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Force password change for all users in Office 365

​This seems to be a frequent request, so here’s how to do it. To force a user to change his password on next login, without actually changing the password on his behalf:

Set-MsolUserPassword -UserPrincipalName user@domain.com -ForceChangePasswordOnly $true -ForceChangePassword $true

To force all users to change their password:

Get-MsolUser -All | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true

To force a group of users to change their passwords:

Get-MsolUser -All | ? {$_.Country -eq "USA"} | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true

Or use any other criteria, as appropriate. Note that you have to use both the ForceChangePassword and ForceChangePasswordOnly parameters. If you skip the ForceChangePasswordOnly, a new password will be generated for the user and you will need to distribute it.

Speaking of this scenario, here’s an old script I used to reset passwords in the format used by Office 365 (i.e. 8 char password, starting with a Capital letter, three lowercase letters and four numbers):

$users = Get-MsolUser –All
$arrMsolUserData = @()
foreach ($user in $users) {
if ($user.UserPrincipalName -eq "[email protected]") { continue; }
$objProperties = New-Object PSObject
$Password = ""
$Password += ([char[]]"ABCDEFGHIJKLMNOPQRSTUVWXYZ" | Get-Random)
$Password += $(1..3 | % { [char[]]"abcdefghijklmnopqrstuvwxyz" | Get-Random }) -join ""
$Password += $(1..4 | % { [char[]]"0123456789" | Get-Random }) -join ""
Set-MsolUserPassword -UserPrincipalName $user.UserPrincipalName -NewPassword $Password -ForceChangePassword $false
Add-Member -InputObject $objProperties -MemberType NoteProperty -Name "UserPrincipalName" -Value $user.UserPrincipalName
Add-Member -InputObject $objProperties -MemberType NoteProperty -Name "Password" -Value $Password
$arrMsolUserData += $objProperties
}
$arrMsolUserData
$arrMsolUserData | Export-Csv -Path "C:\passwords.csv" –NoTypeInformation

You can exclude the admin account or just filter out the users you need instead of using All. The list of users and new passwords will be exported to CSV, which you can use to redistribute them. Have fun 🙂


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK