On Windows PowerShell and other admin-related topics

Generate random passwords for Active Directory users

Lately I had the need to create a random password for each user in a specified OU in an Active Directory environment.
I accomplished this by using Windows PowerShell and the system.random .Net-class combined with Quest`s ActiveRoles Management Shell for Active Directory.

The script are uploaded to PoshCode, and available from here.

What I would like to add, is the encryption of the $password variable. If you have some good ideas on how to accomplish this, suggestions are welcome in the Comments-section below.


August 22, 2009 - Posted by | Active Directory management, Scripting


  1. Could you store the $password in the TPM chip ? is the closest i find.

    You might also use an smart card, as they have true random generators you might enjoy.

    Comment by tigerbimmer | August 26, 2009 | Reply

  2. I was actually thinking about using the ConvertTo-SecureString cmdlet (, but using the TPM might not be a bad idea. I`ll see what I`m able to accomplish.

    Comment by Jan Egil Ring | August 26, 2009 | Reply

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: