Set ForceChangePasswordNextLogin to False for bulk users in Azure AD

Hello All,

I hope all of you are staying safe during the #COVID19 crisis.

Recently, due to the COVID19 situation, we have started to see customers who never used Azure AD before start using it to allow remote working or learning.

Some of our customers, especially in the education sector, have started to implement cloud-only environments (no sync from on-premises infrastructure). This means the admins use one of the available methods to create the users directly in Azure AD.

I see a small challenge, especially for the education sector, as follows:

The admin has a list of users in a CSV file which includes the passwords that will be assigned to students. They import the CSV file into Azure AD and create the users. So far everything is OK.

For security reasons, Azure AD asks each user to reset their password at first login. It also requires the password to be complex, for example including capital letters, special characters, numbers, etc.

It may be hard for students to understand this, or they may have difficulty changing their passwords at first login. I don’t recommend bypassing this requirement at all, but there is a way to do it.

To disable the requirement to change the password at first login, you need to create a password profile in Azure and set ForceChangePasswordNextLogin to False. You will be in one of the two situations below:

1- You just created the users in Azure AD with random passwords generated by Azure AD. In this scenario you don’t have the users' passwords.

2- You created the users and selected their passwords, so you know the passwords.

We developed a small script that helps in both scenarios. It sets ForceChangePasswordNextLogin to False by reading a CSV file which includes the usernames and passwords. The script simply resets the passwords based on the CSV file and disables the ForceChangePasswordNextLogin feature.

How to use the script:

Download the sample CSV file from here:

Add all your usernames and passwords like the sample data in the CSV file. If you don’t have the users in a CSV file, you can download them from the Azure AD portal as described here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/users-bulk-download

You can create new passwords for the users in case of scenario #1, or use the same passwords in case of scenario #2.

Your CSV file will look like this (make sure NOT to change the headers of the CSV file):


Once you finish, make sure that the file exists on your C drive under the temp folder. If the temp folder does not exist already, create it and put the CSV file inside it. Sorry, I didn’t have time to modify the script to prompt you to select the location 🙂 Apologies for that.

The file name and file location must be exactly the same as shown below:

 

Then you need to run the script. The script simply reads all records in the CSV file, resets each password based on the values in the CSV file, then sets ForceChangePasswordNextLogin to FALSE.

Make sure to test this script in your testing environment before production. Using this script means you agree that I take no responsibility for its results. I wrote it on a best-effort basis and tested it in my lab.

 

Download the script from here: ForceChangePasswordNextLogin_To_False_Bulk_Script. Make sure to change the extension of this file from TXT to PS1.

Download the sample CSV file from here: CSV_Users_List_Sample V1. After editing the file and before using it with the script, make sure to change the extension from TXT to CSV.

Note: This script is for cloud users only, meaning it works with users that were created directly in Azure AD. It will not work with users synced from local AD.
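The read-reset-disable flow described above, written out as an added example (this is not the downloadable script from this post). It assumes the AzureAD PowerShell module, and the CSV file name and the column names `UserPrincipalName` and `Password` are placeholders, so match them to the headers in the sample file. It skips synced users instead of failing on them and writes a per-user result log.

```powershell
#Requires -Modules AzureAD
# Added example, not the script published with this post.
# Assumed: CSV file name, and the headers UserPrincipalName and Password.

$CsvPath = 'C:\temp\users.csv'                      # assumed file name under C:\temp
$LogPath = 'C:\temp\password-reset-results.csv'     # assumed log location

Connect-AzureAD | Out-Null

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $upn    = $row.UserPrincipalName.Trim()
    $status = 'Updated'
    try {
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop

        if ($user.DirSyncEnabled) {
            # Synced from local AD: the password is managed on-premises, so skip.
            $status = 'Skipped (synced user)'
        }
        else {
            # Password profile with the first-login change requirement turned off.
            $passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
            $passwordProfile.Password = $row.Password
            $passwordProfile.ForceChangePasswordNextLogin = $false

            Set-AzureADUser -ObjectId $user.ObjectId -PasswordProfile $passwordProfile -ErrorAction Stop
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    # One result row per user; the password column is not copied to the log.
    [pscustomobject]@{ UserPrincipalName = $upn; Status = $status }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path $LogPath -NoTypeInformation

# The input CSV holds clear-text passwords. Remove it once the run is verified:
# Remove-Item -Path $CsvPath
```

Review the `Failed` and `Skipped` rows in the result log before handing out credentials, since those accounts keep their previous password settings.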

Leave a comment if you have any feedback.

Ahmad Yasin is a Technical Adviser at Microsoft in the Azure Identity team and the owner and publisher of the AzureDummies blog. He also holds many certificates in Office 365 and Windows Azure, including Developing Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions, Office 365, and Azure Security Specialist.
