Generating Strong Random Password with PowerShell

When creating new user accounts in Active Directory, the administrator sets a unique initial password for each account and asks the user to change this password (usually, the administrator asks the first time the user logs in to change this password using the user must change the password at the next login AD userAccountControl attribute). If you don’t want to invent a new random password for each user or use a PowerShell script to create AD accounts, you can use a simple PowerShell script to automatically generate unique passwords.

You can use the GeneratePassword method of the System.Web.Security.Membership class of .NET to generate a password. Let’s generate a highly random password using the following PowerShell commands:

# Import System.Web assembly
Add-Type -AssemblyName System.Web
# Generate Random Password

security class security class

You can use the GeneratePassword method to generate a password of up to 128 characters. The method uses two initial parameters: the length of the password (8 characters in my case) and the minimum number of non-alphabetic or non-numeric special characters, such as B. !, -, $, &, @, #, %, etc.. (2 special characters). As you can see, the following password has been generated for me based on these arguments: QX.9ogy: It is not recommended to use more than one or two special characters in the user’s password, otherwise the user will not be able to enter it correctly (e.g. k};E^]$|).

If you want to use the PowerShell New-ADUser cmdlet to create new users and assign unique passwords to them, use the following commands:

Add-Type -AssemblyName System.Web
New-ADUser -Name John Smith -GivenName John -Surname Smith -SamAccountName john.smith -UserPrincipalName [protected by email] -Path OU=Uers,OU=corp,DC=contoso,DC=com -AccountPassword ([System.Web.Security.Membership]::GeneratePassword(8,2) -ChangePasswordAtLogon $true -Included $trueThe GeneratePassword method can also be used to reset passwords for Active Directory users.

If your organization has a strict password policy, it is possible that the password generated by GeneratePassword does not match the password policy of your AD domain. Before setting a password for a user, make sure that it complies with the password complexity policy. Of course it is not necessary to check the length and if the username is included in the password. You can check that the password meets at least 3 policy requirements The password must meet the complexity requirements (the password must contain at least 3 types of characters from the following list: Numbers, lower case, upper case and special characters). If the password verification fails, you must generate it again.

I have written a small PowerShell script that generates a new random password and checks if it meets the required password complexity:

GenerateStrongPassword function ([Parameter(Mandatory=$true)][int]$PasswordLengthht)
Add-Type -AssemblyName System.Web
$PassComplexCheck = do $false
$newPassword=[System.Web.Security.Membership]: :GeneratePassword($PasswordLenght,1)
If (($newPassword -match [A-Zp{Lu}s]) `
-en ($newPassword -cmatch [a-zp{Ll}s]) `
-en ($newPassword -match [d]) `
-.ones ($newPassword -match [^w])
} While ($PassComplexCheck -eq $false)
returns $newPassword

To generate a password consisting of 5 characters and at least one special character, execute this command:

Generate a strong password (5)


This script always creates a password that matches your AD password complexity policy.

Related Tags:

powershell passphrase generator,powershell .net generate password,powershell core password generator,powershell automatic password,get-randomcharacters powershell,powershell get-random,get-temppassword,powershell random number generator,windows generate random password,numberofnonalphanumericcharacters,generatepassword() powershell,powershell password generator one line,new azureaduser random password,powershell generate random string,password generator script,random complex password generator,azure key vault generate random password,powershell create ad user with random password,random password generator powershell,powershell 7 generate random password,powershell generate random alphanumeric string,script to generate random password,powershell core generate random password