Archive for the ‘Exchange’ Category

Office 365 PowerShell Script to Set PasswordNeverExpires for All Members of Group

I had a need to set all members of a group so that their Office 365 (aka Microsoft Online) passwords never expire.  Didn’t take too long but I though it was worth sharing.  I also added output to show the setting was changed.  This could certainly be prettier but it is what it is.


  • This requires you to have the Office 365 Powershell cmdlets installed, which also required the Online Services Sign-in Agent to work. See this article for instructions.
  • You need admin credentials to your Office 365 account.
  • The script references the ObjectID of the Office 365 Group whose members you wish to change.  To get this you need to connect to Office 365 and use the Get-MsolGroup command. Below is a code snippet showing how.
import-module MSOnline

Output will look something like below.


The below would need to be saved as a .ps1 file.  The Object ID (shown in red #’s below) would need to be changed to match that of the desired group

import-module MSOnline
### Get All the Members of the Group
$agents=Get-MsolGroupMember -GroupObjectId  ########-####-####-####-############
### Set PasswordNeverExpires to true for all members of the group.
Foreach ($agent in $agents ) {
Set-MsolUser -ObjectID $agent.ObjectID -PasswordNeverExpires $true
$postChangeAgent = Get-MsolUser -ObjectID $agent.ObjectID
Write-Host “User: ” $postChangeAgent.UserPrincipalName “PasswordNeverExpires:” $postChangeAgent.PasswordNeverExpires

Note: The line beginning with “Write Host” wraps. The end of that line in your script is the $postChangeAgent.PasswordNeverExpires

Cudos and References

Thanks to JoshT_MSFT @ the Office365 Technical Blog for the following article which pointed me in the correct direction.


Exchange 2010 Missing Server Configuration in EMC

Just worked on a test(luckily) Exchange 2010 server with a customer.  When they opened the Exchange Management Console, the Server Configuration was missing and they couldn’t change the properties of any the mailboxes. When they opened the mailbox properties they saw these little lock symbols all over the place.

When they ran the command “Get-Mailbox” in the Exchange Management Shell, they only saw a single mailbox.

So we tried all sorts of things. Then they mentioned the installed Outlook on the server and set it up to access a mailbox. Just happened to be the   I tried deleting the mail profile, uninstalling Outlook, logging off and back in, no dice.  Then I found out that Windows caches credentials and you have to clear those out using the below procedure:

  1. Open a command prompt using “Run as Administrator”
  2. Run the command “control keymgr.dll”
  3. Click “Back up vault” and follow the prompts to back everything up.
  4. Find and remove all credentials that have to do with Exchange or the user setup for Outlook.

After that everything returned to normal.

So if you want Outlook on an Exchange server use OWA.