Azure AD Disable Password Expiration

Imagine you had a specific user set up (a service account) to run all your Azure Automation runbooks. Then, all of a sudden, things stopped working: no runbooks ran anymore. You troubleshoot and find that the password for the Azure AD account used in your runbooks has expired.

By default, when you create an Azure AD account, the password is set to expire. If you try to log on to PowerShell with an account whose password has expired, this is what you see:

Login-AzureRmAccount : AADSTS50055: Password is expired

Previously this was fixed using the old MSOLUser cmdlets:

Set-MsolUser -UserPrincipalName powershell@<tenant>.onmicrosoft.com -PasswordNeverExpires $True

This can now be easily fixed with the new Azure AD PowerShell module. The script below walks you through the process.

As a tip, you can get the Tenant ID when logging on to Azure in PowerShell using Login-AzureRmAccount, or when selecting a particular Azure subscription with Select-AzureRmSubscription. However, this only logs you in to your Azure subscription, not Azure AD, which is why the script runs the Connect-AzureAD cmdlet separately to log on to Azure AD.
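One way to do this with the Azure AD module, as an added example that is not the author's original script. The parameter names `$TenantId` and `$Upn` are placeholders, and keeping any existing policy flag and listing every exempt account at the end go beyond what the post describes.

```powershell
# Added example; assumes the AzureAD module is installed (Install-Module AzureAD).
# $TenantId and $Upn are placeholders for your tenant ID and the service account UPN.
param(
    [Parameter(Mandatory)] [string] $TenantId,
    [Parameter(Mandatory)] [string] $Upn
)

Import-Module AzureAD -ErrorAction Stop

# Separate sign-in to Azure AD; Login-AzureRmAccount only covers the subscription.
Connect-AzureAD -TenantId $TenantId | Out-Null

$user = Get-AzureADUser -ObjectId $Upn -ErrorAction Stop

# PasswordPolicies is empty, 'None', or a comma-separated list such as
# 'DisablePasswordExpiration, DisableStrongPassword'.
$flags = @()
if ($user.PasswordPolicies) {
    $flags = @($user.PasswordPolicies -split '\s*,\s*' |
        Where-Object { $_ -and $_ -ne 'None' })
}

if ($flags -contains 'DisablePasswordExpiration') {
    Write-Output "$Upn already has DisablePasswordExpiration set."
}
else {
    # Keep any flag that is already present instead of overwriting it.
    $newPolicy = ($flags + 'DisablePasswordExpiration') -join ', '
    Set-AzureADUser -ObjectId $user.ObjectId -PasswordPolicies $newPolicy
}

# Read the account back to confirm the change.
Get-AzureADUser -ObjectId $user.ObjectId |
    Select-Object UserPrincipalName, PasswordPolicies

# List every account in the tenant whose password never expires, so the
# exemption for this service account stays visible next to any others.
Get-AzureADUser -All $true |
    Where-Object { $_.PasswordPolicies -match 'DisablePasswordExpiration' } |
    Select-Object UserPrincipalName, AccountEnabled, PasswordPolicies |
    Sort-Object UserPrincipalName
```

Since the password on this account will no longer rotate on its own, the listing at the end is a convenient input for a periodic review of non-expiring accounts.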
