NetNXT Logo

Set password expiration for users currently marked as 'Password Never Expires' in bulk

November 12, 2025
3 min read
ByNetNXT

Purpose

This guide walks you through the process of bulk updating password expiration settings in JumpCloud for users whose accounts are currently set with the Password Never Expires flag.

Using PowerShell automation, administrators can enforce consistent password policies across large user bases efficiently.

Step 1 – Install the JumpCloud PowerShell Module

For Windows

  1. Open PowerShell as Administrator.
  2. Run the following commands:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Install-Module JumpCloud
  1. If you encounter any issues, refer to the official JumpCloud PowerShell documentation or connect with our support experts.
  2. for assistance.

For macOS

  1. Download and install PowerShell from the official Microsoft link for macOS.
  2. Once installed, open PowerShell and execute:
Install-Module JumpCloud
  1. If you face installation errors or connectivity issues, reach out to experts.
  2. for troubleshooting help.

Step 2 – Connect PowerShell to JumpCloud

  1. Launch PowerShell as Administrator.
  2. Connect to JumpCloud using:
Connect-JCOnline
  1. When prompted, provide your JumpCloud API Key.
  • Store your key securely.
  • Avoid regenerating keys unnecessarily, as creating a new key invalidates previous ones.

Tip: If you’re new to connecting PowerShell with JumpCloud, review the process in the Bulk Add Users to JumpCloud Groups using PowerShell.

guide for context.

Step 3 – Set Password Expiration for Users in Bulk

To manage password expiration efficiently, start by creating a user group in JumpCloud that contains all accounts currently marked with “Password Never Expires.”

1. Create a Target User Group

  • Log in to the JumpCloud Admin Console.
  • Navigate to User Groups → Add Group.
  • Name the group (e.g., PasswordExpireGroup).
  • Add all users with the “Password Never Expires” setting enabled.

2. Disable “Password Never Expires” for the Group

Replace YOUR_GROUP_NAME in the following command with your actual group name (ensure no spaces in the name):

Get-JCUserGroupMember -GroupName YOUR_GROUP_NAME | % {Set-JCUser -UserID $_.UserID -password_never_expires $false}

This command loops through all users in the defined group and disables the Password Never Expires flag, effectively enabling password expiration.

3. Re-enable “Password Never Expires” (Optional)

If you need to reverse the setting for specific scenarios, use:

Get-JCUserGroupMember -GroupName YOUR_GROUP_NAME | % {Set-JCUser -UserID $_.UserID -password_never_expires $true}

This command re-enables the flag for all users within the specified group.

Validation and Review

After executing the commands:

  • Go to JumpCloud Admin Console → Users.
  • Review password policy settings for a few test accounts to ensure updates have applied correctly.
  • Confirm users are now adhering to your organization’s defined password expiration policy.

FAQs

1. Can I apply this script to multiple groups?

Yes. You can run the same PowerShell command for different group names, one at a time, to target multiple user segments.

2. What if my group name includes spaces?

Avoid spaces in group names when executing PowerShell scripts. Use hyphens or underscores instead (e.g., Password_Expire_Group).

3. Is it possible to automate this regularly?

Yes. You can schedule this PowerShell script via Windows Task Scheduler or macOS cron jobs to ensure ongoing compliance.

4. Does this impact SSO users or external directory syncs?

No. These changes apply only to local JumpCloud user accounts managed via PowerShell.

Was this article helpful?