Generating Strong Random Password with PowerShell

When creating new consumer accounts in Active Directory, an administrator units a singular preliminary password for every account and tells it to a consumer (often on the first logon a consumer is prompted to alter this password by the choice “User should change password at subsequent logon” of the AD attribute). If you do not need to invent a brand new random password for every consumer or you might be utilizing a PowerShell script to create AD accounts, you’ll be able to generate distinctive passwords mechanically utilizing a easy PowerShell script.

To generate a password, you should utilize the GeneratePassword methodology from the System.Web.Security.Membership class of .NET. Let’s generate a powerful random password utilizing the next PowerShell instructions:

# Import System.Web meeting
Add-Type -AssemblyName System.Web
# Generate random password

powershell GeneratePassword using the System.Web.Security class

The GeneratePassword methodology permits to generate a password as much as 128 characters. The methodology makes use of two preliminary parameters: the password size (eight characters in my case) and the minimal variety of non-alphabetical or non-numerical particular characters, like !, -, $, &, @, #, %, and so on(2 particular characters). As you’ll be able to see, in line with these arguments the next password has been generated for me: QX.9ogy:

It shouldn’t be beneficial to make use of multiple or two particular characters in a consumer password, in any other case a consumer received’t be capable to kind it with out errors (like okay};E^]$|).

Thus, in the event you create new customers with the PowerShell cmdlet and wish to set distinctive passwords for them, use the next instructions:

Add-Type -AssemblyName System.Web
New-ADUser -Name "Jeremy Irons" -GivenName "Jeremy" -Surname "Irons" -SamAccountName "jirons" -UserPrincipalName "[email protected]" -Path "OU=Users,OU=Glasgow,OU=UK,DC=woshub,DC=com" –AccountPassword ([System.Web.Security.Membership]::GeneratePassword(eight,2)) -ChangePasswordAtLogon $true -Enabled $true

If your organization is utilizing a powerful password coverage, in some circumstances a password generated with the GeneratePassword methodology might not meet the necessities of your . Prior to setting a password to a consumer, you’ll be able to be sure that it complies with the password complexity coverage. Of course, it doesn’t make sense to test its size and the presence of username in a password. You might test if the password meets no less than three necessities of the “Password should meet complexity necessities” coverage (the password should comprise no less than three varieties of characters from the next record: numbers, lower-case characters, UPPER-case characters, and particular characters). If the password test failed, you would need to re-generate it.

I’ve written a small PowerShell script that generates a brand new random password and checks if it meets the password complexity requirement:

Function GenerateStrongPassword ([Parameter(Mandatory=$true)][int]$PasswordLenght)

To generate a password having 5 characters and no less than one particular character, run this command:

GenerateStrongPassword (5)

powershell function GenerateStrongPassword and check it comliance with the domain password policy

This script will at all times create a password that meets your AD password complexity coverage.

Check Also

Configuring Network Adapter Settings with PowerShell: IP Address, DNS, Default G…

In this text we’ll present you find out how to configure community adapter parameters in …

Leave a Reply

Your email address will not be published. Required fields are marked *