Thursday, March 16, 2017

Creating Office 365 Random Passwords

If you aren’t using a password synchronization tool with Office 365, such as Windows Azure Directory Sync with Password Sync, Office 365 will randomly generate temporary passwords. This works out fine if the person using the mailbox is setting up their own account in Outlook and on mobile devices. Since the ForceChangePassword attribute defaults to true, they are required to change their password the first time they log in. This is a great way to ensure that the passwords stay secure.
But what happens if IT staff are setting up Outlook and mobile devices, and need a way to quickly set up Outlook accounts? You could quickly set all of the passwords to one password. All this requires is a CSV of the mailboxes, and this handy PowerShell command:
Import-Csv .\new-passwords.csv | foreach {Set-MsolUserPassword -UserPrincipalName $_.email -NewPassword "Passw0rd." -ForceChangePassword $false}
This is not secure. If everyone knows what the initial password is, one could easily snoop around their colleagues’ emails, spoiling surprise birthday parties or worse.
If you need to set unique, complex passwords for multiple mailboxes, you can easily generate unique random passwords in Excel, and export them to a CSV file. PowerShell can then be used to update a group of mailbox passwords.
Here’s an overview of the process:
  1. Create an Excel file, and label column one email and column two passwords
  2. Add the email addresses to the first column and the random character generator code in the second column (see below)
  3. Export the sheet as a CSV file, and name it new-passwords.csv
    • The random character formula won’t be exported, only the generated passwords.
    • Note: Excel recalculates the formula each time you modify or change the file, generating all new passwords, so be sure to save the CSV file.
  4. Use PowerShell to set the new passwords
Here’s the Excel formula:
This formula will create an 8-character password, with 4 letters and 4 numbers, similar to the temporary passwords that Office 365 initially creates.
=CHAR(RANDBETWEEN(65,65+25))&CHAR(RANDBETWEEN(97,122))&CHAR(RANDBETWEEN(97,122))&CHAR(RANDBETWEEN(97,122))&RANDBETWEEN(0,9)&RANDBETWEEN(0,9)&RANDBETWEEN(0,9)&RANDBETWEEN(0,9)
Use PowerShell to connect to Office 365. Be sure that the CSV file is in the PowerShell working directory.
Be sure to test first:
  • Use the -WhatIf modifier to test
  • You can also run it on one account to test. Use a CSV file with one mailbox, and confirm that everything works.
Run the following:
Import-Csv .\new-passwords.csv | foreach {Set-MsolUserPassword -UserPrincipalName $_.email -NewPassword $_.passwords -ForceChangePassword $false -WhatIf}
Once you’ve tested, remove the -WhatIf:
Import-Csv .\new-passwords.csv | foreach {Set-MsolUserPassword -UserPrincipalName $_.email -NewPassword $_.passwords -ForceChangePassword $false}
This quickly sets unique and complex passwords on all the mailboxes, all with ForceChangePassword set to $false, and leaves you with a spreadsheet containing all the passwords.
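Excel’s RANDBETWEEN is not a cryptographic random number generator, so as an added example (not part of the original post), the same 8-character format can be generated in PowerShell from the system’s cryptographic RNG and written straight to new-passwords.csv with the email and passwords columns the commands above read. The helper names Get-RandomChar and New-TempPassword and the example.com addresses are made up for this example.

```powershell
# Added example: build the page's password shape (1 uppercase, 3 lowercase,
# 4 digits) from a cryptographic RNG instead of Excel's RANDBETWEEN.
# Get-RandomChar and New-TempPassword are hypothetical helper names.

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-RandomChar {
    param([Parameter(Mandatory)][string]$Alphabet)
    # Rejection sampling: discard bytes that would bias the modulo result.
    $limit = 256 - (256 % $Alphabet.Length)
    $buf = New-Object byte[] 1
    do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $Alphabet[$buf[0] % $Alphabet.Length]
}

function New-TempPassword {
    $upper  = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    $lower  = 'abcdefghijklmnopqrstuvwxyz'
    $digits = '0123456789'
    $chars  = @(Get-RandomChar $upper)
    $chars += 1..3 | ForEach-Object { Get-RandomChar $lower }
    $chars += 1..4 | ForEach-Object { Get-RandomChar $digits }
    return -join $chars
}

# Constructed sample mailboxes; replace with your own list.
$mailboxes = 'alice@example.com', 'bob@example.com'

$rows = foreach ($m in $mailboxes) {
    [pscustomobject]@{ email = $m; passwords = New-TempPassword }
}

# Verify every password has the expected shape before writing the file.
foreach ($r in $rows) {
    if ($r.passwords -cnotmatch '^[A-Z][a-z]{3}[0-9]{4}$') {
        throw "Unexpected password format for $($r.email)"
    }
}

# Same file name and column headers as the Import-Csv commands above.
$rows | Export-Csv -Path .\new-passwords.csv -NoTypeInformation
$rng.Dispose()
```

The resulting CSV holds every mailbox password in plaintext, so restrict access to it and delete it once the accounts are set up.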