Microsoft Dynamics CRM Online user accounts are managed through the Office 365 portal. It might be a requirement is some scenarios, to use some of the user accounts, as service accounts e.g. a customer facing portal talking to CRM using this specific account.
The default password policy for Office365 user accounts can be found in the Service Settings area.
The user notification that gets sent after the password expires is not an email notification, as one would expect, but a notification they see after signing in. Here is the relevant bit from Office365 help:
How are users notified that their password will expire?
Users see a message whenever they sign in, starting at the number of days before password expiration that you specified. The message shows the number of days left before the password expires and gives a link to the Change password page. For more information, see Change your password.
Since the service account is not used for logging in, and is used only for integration with CRMOnline, this message will never been seen. Hence the user account password nearing expiry can go unnoticed, until it is too late. To make a user account password as “Never Expires”, please follow this process below:
1.) Install Powershell, if it not already installed
2.) Install Microsoft Online Services SignIn Assistant http://www.microsoft.com/en-au/download/details.aspx?id=28177
3.) Install Windows Azure Active Directory Module for Powershell
- 32 bit – http://go.microsoft.com/fwlink/p/?linkid=236298
- 64 bit – http://go.microsoft.com/fwlink/p/?linkid=236297
If you are unable to install this please refer to http://social.msdn.microsoft.com/Forums/windowsazure/en-US/46a38822-28a4-4abb-b747-96f7db2a2676/cannot-install-azure-active-directory-module-for-windows-powershell-mossia-is-not-installed?forum=WindowsAzureAD and install the Beta version of the Online Services SignIn Assistant
4.) Open the Windows Azure Active Directory Module for Powershell
5.) Type Connect-MsolService, press Enter and type in your credentials for the CRMOnline instance
6.) Type Get-MsolUser -UserPrincipalName | Select PasswordNeverExpires to get the current status of the PasswordNeverExpires setting
7.) Type Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true to set the PasswordNeverExpires setting to True.
8.) Confirm if the command has worked correctly.
Here is the screenshot of all the operations:
Now, the password for this user account will not expire, and can be used for integration purposes indefinitely.