UPDATED: Setup Non-Interactive User with Non-Expiring Password
Views (651)
jestuder
158
Like
Share
Report
A while ago, I wrote a blog post on setting up a non-interactive user with a non-expiring password. Since writing that post, the process has changes and I couldn't find much documentation on the process. The part of setting up the non-interactive user hasn't changed:
Setup Non-Interactive User:
But, the process for setting up a non-expiring password has: To make this easy I created a small PowerShell Script. The script is below. Simply change the the part for the $UserEmail to the account you want to set. What the script does is connect the user to Azure, you will need to be a global admin. Teh checks the password policy for the user. Then it updates the policy and shows you that it was changed. Here is a link to the Microsoft article that I referenced when doing this. I do want to point out that you should check the warning at the bottom of that article.
Setup Non-Interactive User:
- Create a user in the Office 365 admin center. Be sure to assign a Dynamics 365 (online) license to the account.
- Go to Dynamics 365 (online).
- Go to Settings > Security.
- Choose Users > Enabled Users, and then click a user’s full name.
- In the user form, scroll down under Administration to the Client Access License (CAL) Information section and select Non-interactive for Access Mode. You then need to remove the Dynamics 365 (online) license from the account.
- Go to the Office 365 admin center.
- Click Users > Active Users.
- Choose the non-interactive user account and under Product licenses, click Edit.
- Turn off the Dynamics 365 (online) license, and then click Save > Close multiple times.
- Go back to Dynamics 365 (online) and confirm that the non-interactive user account Access Mode is still set for Non-interactive.
- In CRM assign a role to the user account.
But, the process for setting up a non-expiring password has: To make this easy I created a small PowerShell Script. The script is below. Simply change the the part for the $UserEmail to the account you want to set. What the script does is connect the user to Azure, you will need to be a global admin. Teh checks the password policy for the user. Then it updates the policy and shows you that it was changed. Here is a link to the Microsoft article that I referenced when doing this. I do want to point out that you should check the warning at the bottom of that article.
$UserEMail = "<Replace with e-mail>"
Connect-AzureAD
Get-AzureADUser -ObjectId $UserEMail | Select-Object UserprincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
Set-AzureADUser -ObjectId $UserEMail -PasswordPolicies DisablePasswordExpiration
Get-AzureADUser -ObjectId $UserEMail | Select-Object UserprincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
This was originally posted here.
*This post is locked for comments