
Update-MgUser Setting password forcechangepassword false bug report #3270


Closed
wongcc2012 opened this issue Apr 12, 2025 · 6 comments

@wongcc2012

Describe the bug

When the user signs in, the user is forced to change the password (your password is expired...)

Expected behavior

User sign in to O365 services without changing password.

How to reproduce

$UserPassProfile = @{
    Password                      = $_.UserPass   # Define password in CSV file
    ForceChangePasswordNextSignIn = $False        # Change password True or False
}

Update-MgUser -UserId $_.UPN -PasswordProfile $UserPassProfile

(Setting a pre-defined password for a $UPN user, without forcing the user to change the password at next sign-in)

SDK Version

2.26.1

Latest version known to work for scenario above?

2.25.0

Known Workarounds

Uninstall all graph.api PowerShell modules, install an older version

Debug output



Configuration

No response

Other information

No response
@wongcc2012 wongcc2012 added status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels Apr 12, 2025
@timayabi2020
Contributor

Hi @wongcc2012, please share the debug information by adding the -Debug parameter at the end of the command.

@timayabi2020 timayabi2020 added status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close and removed status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels Apr 15, 2025
@wongcc2012
Author

debug logging:

PS C:\Users\Administrator\Desktop\MGUserPass-UAT> $UPN = "b-xxxxxx12a3@xxxxxxxsoft.com"

#REQUIRED VARIABLES FOR MG SET PASSWORD
#Define PWD profile
$UserPassProfile = @{
Password = '(MyPasswordEncrypted)' #Define password IN CSV file
ForceChangePasswordNextSignIn = $False #Change password True or False
}

Update-MgUser -UserId $UPN -PasswordProfile $UserPassProfile -debug

DEBUG: [CmdletBeginProcessing]: - Update-MgUser begin processing with parameterSet 'UpdateExpanded'.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientSecret', ContextScope: 'Process', AppName:
'Powershell Graph API 2023xxxx'.
DEBUG: [Authentication]: - Scopes: [User.ReadWrite.All, Domain.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All,
Application.ReadWrite.All, Directory.ReadWrite.All, User.EnableDisableAccount.All,
DeviceManagementServiceConfig.ReadWrite.All, Organization.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All,
User.ManageIdentities.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All].

Confirm
Are you sure you want to perform this action?
Performing the operation "Update-MgUser_UpdateExpanded" on target "Call remote 'PATCH /users/{user-id}' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.microsoft.com/v1.0/users/xxxxxx@xxxxxxsoft.com

Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100;
en-US),PowerShell/5.1.26100.2161
SdkVersion : graph-powershell/2.26.1
client-request-id : d6d89551-c127-424f-a898-dce6d403a2b1

Body:
{
"passwordProfile": {
"password": "(MyPasswordEncrypted)"
}
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NoContent

Headers:
Strict-Transport-Security : max-age=31536000
request-id : 4c246b39-c682-4cbf-bb01-af0bd9a217f8
client-request-id : d6d89551-c127-424f-a898-dce6d403a2b1
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Southeast
Asia","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"SG1PEPF0000F080"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Tue, 15 Apr 2025 09:01:13 GMT

Body:

DEBUG: [CmdletEndProcessing]: - Update-MgUser end processing.
PS C:\Users\Administrator\Desktop\MGUserPass-UAT>

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 and removed status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close labels Apr 15, 2025
@timayabi2020
Contributor

Thanks. Looks like it's dropping the ForceChangePasswordNextSignIn property. This fix will be available by end of next week. Meanwhile you can try using the Invoke-MgGraphRequest command.


@wongcc2012
Author

Sorry, I am not sure how to use Invoke-MgGraphRequest with the HTTP REST API. I only work with PowerShell commands.
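
The Invoke-MgGraphRequest workaround suggested above, as an added example that is not part of the original thread: it sends both passwordProfile properties in one PATCH and then reads the flag back from Graph. The function name and the placeholder UPN are hypothetical, and it assumes a Connect-MgGraph session that is already permitted to update the user.

```powershell
# Added example, not code from the issue or the SDK project.
# Set-PasswordWithoutForcedChange is a hypothetical helper name.
function Set-PasswordWithoutForcedChange {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $UserPrincipalName,
        [Parameter(Mandatory)] [securestring] $NewPassword
    )

    # Build the JSON body by hand so both properties are sent together,
    # independent of how Update-MgUser serializes -PasswordProfile.
    $plain = [System.Net.NetworkCredential]::new('', $NewPassword).Password
    $body  = @{
        passwordProfile = @{
            password                      = $plain
            forceChangePasswordNextSignIn = $false
        }
    } | ConvertTo-Json -Depth 3

    $uri = "https://graph.microsoft.com/v1.0/users/$UserPrincipalName"
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'

    # Read the flag back. passwordProfile is only returned when selected
    # explicitly, and Graph never returns the password itself.
    $check = Invoke-MgGraphRequest -Method GET -Uri ($uri + '?$select=passwordProfile')
    if ($check.passwordProfile.forceChangePasswordNextSignIn -ne $false) {
        throw "forceChangePasswordNextSignIn is not false for $UserPrincipalName"
    }
    $check.passwordProfile
}

# Usage with a placeholder UPN; in the issue the password came from a CSV column.
$upn = 'user@contoso.onmicrosoft.com'
$pw  = Read-Host -AsSecureString -Prompt "New password for $upn"
Set-PasswordWithoutForcedChange -UserPrincipalName $upn -NewPassword $pw
```

As the debug traces in this thread show, -Debug prints the request body, so a real password would land in any transcript or log that captures that output.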

@timayabi2020
Contributor

Please update to the latest version 2.27.0

@wongcc2012
Author

I have updated to v2.27.0 but it is still NOT working

Below is the transcript


Windows PowerShell transcript start
Start time: 20250421234511
Username: KW-W11-24H2-01\Administrator
RunAs User: KW-W11-24H2-01\Administrator
Configuration Name:
Machine: KW-W11-24H2-01 (Microsoft Windows NT 10.0.26100.0)
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Process ID: 7396
PSVersion: 5.1.26100.2161
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.26100.2161
BuildVersion: 10.0.26100.2161
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1


Transcript started, output file is c:\PSLogging\PSGraphLog-MyTestTenant-20250421-234511.log
PS C:\Users\Administrator\Desktop\PS-O365-UAT> Get-InstalledModule

Version Name Repository Description


2.0.2.182 AzureAD PSGallery Azure Active Directory V2 General Availability M...
3.7.2 ExchangeOnlineManagement PSGallery This is a General Availability (GA) release of t...
2.27.0 Microsoft.Graph PSGallery Microsoft Graph PowerShell module
2.27.0 Microsoft.Graph.Applications PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Authentication PSGallery Microsoft Graph PowerShell Authentication Module.
2.27.0 Microsoft.Graph.BackupRestore PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Bookings PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Calendar PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.ChangeNotifications PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.CloudCommunications PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Compliance PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.CrossDeviceExper... PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.DeviceManagement PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.DeviceManagement... PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.DeviceManagement... PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.DeviceManagement... PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Devices.CloudPrint PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Devices.Corporat... PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Devices.ServiceA... PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.DirectoryObjects PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Education PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Files PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Groups PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Identity.Directo... PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Identity.Governance PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Identity.Partner PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Identity.SignIns PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Mail PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Notes PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.People PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.PersonalContacts PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Planner PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Reports PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.SchemaExtensions PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Search PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Security PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Sites PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Teams PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Users PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Users.Actions PSGallery Microsoft Graph PowerShell Cmdlets
2.27.0 Microsoft.Graph.Users.Functions PSGallery Microsoft Graph PowerShell Cmdlets
6.9.0 MicrosoftTeams PSGallery Microsoft Teams cmdlets module for Windows Power...
1.1.183.81 MSOnline PSGallery Microsoft Azure Active Directory Module for Wind...

INFO: Now removing previous Non Graph API sessions
INFO: Disconnected successfully !
Connecting to (ExchangeOnlineManagement) V2 and V3 - Modern AUTH service using admin@MyTestTenant.onmicrosoft.com
Connecting to (MicrosoftTeams) using admin@MyTestTenant.onmicrosoft.com
INFO: Loaded Module 'Microsoft.Teams.ConfigAPI.Cmdlets'

Connecting to (MSOnline) service using admin@MyTestTenant.onmicrosoft.com
Connecting to (AzureAD) or (AzureADPreview) using admin@MyTestTenant.onmicrosoft.com
WARNING: Install the latest PowerShell module, the Microsoft Graph PowerShell SDK, for new features and improvements! https://aka.ms/graphPSmigration
Account Environment Tenant TenantId


admin@MyTestTenant.onmicrosoft.com AzureCloud 57bc67d6-896b-4491-962b-d21488f13931 57bc67d6-896b-4491-962b-d21488f13931
admin@MyTestTenant.onmicrosoft.com AzureCloud 57bc67d6-896b-4491-962b-d21488f13931 57bc67d6-896b-4491-962b-d21488f13931
Disconnecting Previous connected Graph API sessions silently
INFO: Now Connecting to tenant: (MyTestTenant.onmicrosoft.com), please wait...
Welcome to Microsoft Graph!

Connected via apponly access using 10fde85e-e0c5-4442-bfe9-352c7b8ded47
Readme: https://aka.ms/graph/sdk/powershell
SDK Docs: https://aka.ms/graph/sdk/powershell/docs
API Docs: https://aka.ms/graph/docs

NOTE: You can use the -NoWelcome parameter to suppress this message.
INFO: You are connected to the tenant: MyTestTenant DEMO UAT Site DEMO USE AND TESTING
INFO: The Default fallback domain is: MyTestTenant.onmicrosoft.com
MSG: You have the below permission granted, if more permission is needed please go to Azure portal and use the app registration feature...
User.ReadWrite.All
Domain.ReadWrite.All
DelegatedPermissionGrant.ReadWrite.All
Application.ReadWrite.All
Directory.ReadWrite.All
User.EnableDisableAccount.All
DeviceManagementServiceConfig.ReadWrite.All
Organization.ReadWrite.All
DeviceManagementManagedDevices.ReadWrite.All
User.ManageIdentities.All
DeviceManagementConfiguration.ReadWrite.All
DeviceManagementApps.ReadWrite.All
Script: (Import Session) finished at: 21-Apr-25 23:45:39 / Time Elapsed: 00:00:28.8088490

PS C:\Users\Administrator\Desktop\PS-O365-UAT> Get-MgUser

DisplayName Id Mail


#00-20241203a af35eb19-73a5-4a17-9b3e-cbcc21b0321e 20241203a@MyTestTenant.onmicros...
#NESSUS TAY POC NES NESSUS 2024a 6cad08e8-d83c-4c92-8e7e-5b54a498cc77 835a193d-1344-4ab5-8e0c-7...
A-PST-20250402a 70df0b71-042a-4abc-b1cc-793cc6a33e23 A-PST-20250402a@MyTestTenant.on...
A-PST-20250404a 581bb593-4ae5-42b2-8e39-0264cec06ea4 A-PST-20250404a@MyTestTenant.on...
A-PST-20250410a 2788dcd2-2d92-4407-91cf-0104b6c21a42 A-PST-20250410a@MyTestTenant.on...
A-PST-20250410b a54fd93f-44db-4e62-85eb-57426508d579 A-PST-20250410b@MyTestTenant.on...
A-PST-20250410c 94b38cef-4c03-4bd2-94fc-c9fd64bc4b4f A-PST-20250410c@MyTestTenant.on...
A-PST-20250410d a7a9e861-8592-4c4f-9e9c-c9f18991ce39 A-PST-20250410d@MyTestTenant.on...
#a20250421a 2afe619a-a68c-494a-8e06-bec07575f12b
#a20250421b 8ae65ed1-c176-4c01-847b-639c4e45d8f1
#a20250421c c138d9ea-1f11-4c2f-b1ca-a3337ff97612

PS C:\Users\Administrator\Desktop\PS-O365-UAT> $UPN = "a20250421a@MyTestTenant.onmicrosoft.com"
PS C:\Users\Administrator\Desktop\PS-O365-UAT> $UserPassProfile = @{
Password = "XXXXXX" #Define password IN CSV file
ForceChangePasswordNextSignIn = $False #Change password True or False
}
PS C:\Users\Administrator\Desktop\PS-O365-UAT> Update-MgUser -UserId $UPN -PasswordProfile $UserPassProfile
PS C:\Users\Administrator\Desktop\PS-O365-UAT> Update-MgUser -UserId $UPN -PasswordProfile $UserPassProfile -Debug
DEBUG: [CmdletBeginProcessing]: - Update-MgUser begin processing with parameterSet 'UpdateExpanded'.
Confirm
Continue with this operation?
&Yes Yes to &All &Halt Command &Suspend
A
DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientSecret', ContextScope: 'Process', AppName: 'Powershell Graph API 2023xxxx'.
DEBUG: [Authentication]: - Scopes: [User.ReadWrite.All, Domain.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All, Directory.ReadWrite.All, User.EnableDisableAccount.All, DeviceManagementServiceConfig.ReadWrite.All, Organization.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, User.ManageIdentities.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All].
Confirm
Are you sure you want to perform this action?
Performing the operation "Update-MgUser_UpdateExpanded" on target "Call remote 'PATCH /users/{user-id}' operation".
&Yes Yes to &All &No No to A&ll &Suspend
A
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.microsoft.com/v1.0/users/a20250421a@MyTestTenant.onmicrosoft.com

Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100; en-US),PowerShell/5.1.26100.2161
SdkVersion : graph-powershell/2.27.0
client-request-id : a8af56fd-ca17-4076-b30d-7d1c245b8e24

Body:
{
"passwordProfile": {
"forceChangePasswordNextSignIn": false
}
}
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NoContent

Headers:
Strict-Transport-Security : max-age=31536000
request-id : 6bb8889b-204d-40fd-acf3-ad2e95b7233c
client-request-id : a8af56fd-ca17-4076-b30d-7d1c245b8e24
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"SI1PEPF00020D80"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Mon, 21 Apr 2025 15:46:11 GMT

Body:
DEBUG: [CmdletEndProcessing]: - Update-MgUser end processing.
PS C:\Users\Administrator\Desktop\PS-O365-UAT> Stop-Transcript


Windows PowerShell transcript end
End time: 20250421234628

