Office 365 : How to force users to change their password

We will see here how to force users to change their Office 365 password.

First we will see how to do it for one account then we will see how to do it for multiple accounts.

Install Prerequisites

We will need MSOnline module to connect to Office 365 with PowerShell.

  • Open a PowerShell prompt with administrator rights :
Windows | Open Windows PowerShell with administrator rights
  • Install MSOnline module :
PS C:\ > Install-Module -Name MSOnline
PowerShell | Installing MSOnline module

Connect to Office 365

  • Use Connect-MsolService to open the Microsoft Office 365 sign in window :
PS C:\ > Connect-MsolService
  • Sign in with an admin account :
PowerShell | Connect-MsolService, Sign in Window
  • Enter password :
PowerShell | Connect-MsolService, Enter Password Window

Reset user password

Force new password

  • With this command we can set a password for a user :
    • -ForceChangePassword : Indicates whether the user must change the password the next time they sign in
PS C:\ > Set-MsolUserPassword -UserPrincipalName user@shebangthedolphins.net -NewPassword NewPassw0rd -ForceChangePassword $False

Force user to change password at next logon

  • After this command, the update password procedure will happen next time user will connect (it will be slower to apply with Outlook clients because it uses a cache mechanism) :
    • -ForceChangePassword : Indicates whether the user must change the password the next time they sign in
    • -ForceChangePasswordOnly : prevents the command Set-MsolUserPassword from generating a random password (source)
PS C:\ > Set-MsolUserPassword -UserPrincipalName user@shebangthedolphins.net -ForceChangePasswordOnly $true -ForceChangePassword $true

Misc

  • If you want to search for a user :
PS C:\ > Get-MsolUser -SearchString cartman
PowerShell | Get-MsolUser, Search for a user
  • Extract every licenced users to a text file :
PS C:\ > Get-MsolUser | Where-Object {$_.islicensed} | Select-Object UserPrincipalName | Sort-Object UserPrincipalName > c:\users.txt
Office365 | notepad whith users accounts

PowerShell Script to force users to change their password

If we want to force a large number of users to change their password we can use a powershell script.

  • First create a C:\users.txt file where you will put users names :
Office365 | notepad whith users accounts
  • Run this PowerShell script to force users to change their password :
###########################
# author : shebangthedolphins.net
# version : 1.0
# date : 2021.04
# role : force users from a text file to change their Office 365 password
# other : create a C:\users.txt file where you will put users
# updates :
#       - 1.0 (2021/03) : First Version
Connect-MsolService
$file = "C:\users.txt"

ForEach ($line in (Get-Content -Path $file)) {
    Write-host "Set-MsolUserPassword -UserPrincipalName" $line.Replace(' ','') "-ForceChangePasswordOnly $true -ForceChangePassword $true"
    Set-MsolUserPassword -UserPrincipalName $line.Replace(' ','') -ForceChangePasswordOnly $true -ForceChangePassword $true
}
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Contact :