Azure AD Disable Password Expiration

Imagine you had a specific user setup (a service account) to run all your Azure Automation runbooks. Then all of a sudden things stopped working, no runbooks worked anymore. You then troubleshoot and find that the password for the Azure AD account used in your runbooks has expired.

By default when creating Azure AD account the password is set to expire and if you try to logon to PowerShell with an account which has an expired password, this is what you would see:

Login-AzureRmAccount : AADSTS50055: Password is expired

Previously this was fixed using the old MSOLUser cmdlets:

Set-MsolUser -UserPrincipalName powershell@<tenant>.onmicrosoft.com -PasswordNeverExpires $True

This can now be easily fixed with the new Azure AD PowerShell module. The script below walks you through the process.

As a tip, you can get the Tenant ID when logging on to Azure in PowerShell using Login-AzureRmAccount or selecting a particular Azure subscription Select-AzureRmSubscription. However, this only logs you into your Azure subscription, not Azure AD, why you have to run the cmdlet below Connect-AzureAD in the script separately to logon to Azure AD.

Categories: Azure · PowerShell

One Comment

  1. Eric Author
    February 1, 2018 at 2:58 am

    Thanks for the help, I hope one day they will do the same for MFA settings. The MSOL cmdlets are the worst thing I have ever been forced to deal with.

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s