How to check if password expiry is disabled for a user in azure ad

Question

I have a python code through which I am creating user in azure ad. Below is the code:

headers = {'Authorization': 'Bearer ' + token, 'Content-Type': 'application/json'}
user_data = {
    "accountEnabled": True,
    "displayName": new_username,
    "mailNickname": new_username,
    "userPrincipalName": new_username + "@" + config_data['TENANT_NAME'],
    "passwordPolicies": "DisablePasswordExpiration",
    "passwordProfile": {
        "forceChangePasswordNextSignIn": False,
        "password": raw_data['Password']
    }
}
jdata = json.dumps(user_data)

conn = http.client.HTTPSConnection('graph.microsoft.com')
conn.request("POST", "/v1.0/users", jdata, headers)

In above user_data, you can see I have set "passwordPolicies": "DisablePasswordExpiration" so that the password never expires. Now I want to validate if the users created have password expiration disabled.

To do this obviously I cannot wait for 3months as passwords normally expires in 3months. So is there any other way in azure ad through which I can check some properties of the user and check the password expiration. Please help. Thanks

score 0 · Answer 1 · edited Aug 09 '21 at 19:39

0

I have resolved this.

Open Windows PowerShell as adminstrator
Run Connect-AzureAD

Run command

Get-AzureADUser -ObjectId testuser@<tenant_name>  | Select-Object @{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}}

edited Aug 09 '21 at 19:39

marc_s

732,580
175
1,330
1,459

answered May 19 '21 at 14:05

S Andrew

5,592
27
115
237

How to check if password expiry is disabled for a user in azure ad

1 Answers1