blog.powershell.no

On Windows PowerShell and other admin-related topics

Generate random passwords for Active Directory users

Lately I had the need to create a random password for each user in a specified OU in an Active Directory environment.
I accomplished this by using Windows PowerShell and the System.Random .NET class combined with Quest's ActiveRoles Management Shell for Active Directory.

The script is uploaded to PoshCode, and available from here.

What I would like to add is the encryption of the $password variable. If you have some good ideas on how to accomplish this, suggestions are welcome in the comments section below.

August 22, 2009 - Posted by | Active Directory management, Scripting
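One way to approach the encryption asked about in the post, as an added example that is not the script published on PoshCode: it swaps System.Random (which is not a cryptographic generator) for the .NET cryptographic random number generator, builds the password directly in a SecureString, and stores it with ConvertFrom-SecureString, which on Windows protects the value with DPAPI. The function name, alphabet, account names and output path are assumptions.

```powershell
# Added example: New-RandomPassword is a hypothetical helper, not part of the original script.
function New-RandomPassword {
    param(
        [int]$Length = 16,
        [string]$Alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%&*+-=?@'
    )
    if ($Length -lt 1) { throw 'Length must be at least 1.' }
    if ($Alphabet.Length -lt 2 -or $Alphabet.Length -gt 256) { throw 'Alphabet must contain 2 to 256 characters.' }

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $secure = New-Object System.Security.SecureString
    # Largest multiple of the alphabet size that fits in one byte. Bytes at or above
    # this limit are discarded so every character is equally likely (no modulo bias).
    $limit = 256 - (256 % $Alphabet.Length)
    $buffer = New-Object byte[] 1
    try {
        while ($secure.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                # The character goes straight into the SecureString, never into a plain string.
                $secure.AppendChar($Alphabet[$buffer[0] % $Alphabet.Length])
            }
        }
    }
    finally { $rng.Dispose() }
    $secure.MakeReadOnly()
    return $secure
}

# Constructed sample account names; in a real run these would come from the OU query.
$users = 'anne.test', 'bob.test'
$report = foreach ($user in $users) {
    $password = New-RandomPassword -Length 16
    # This is the point where the script would set the account password in the directory.
    New-Object PSObject -Property @{
        SamAccountName    = $user
        # DPAPI-protected text: only the same Windows user on the same computer can decrypt it.
        ProtectedPassword = ConvertFrom-SecureString -SecureString $password
    }
}
$report | Export-Csv -Path .\passwords-protected.csv -NoTypeInformation

# Round trip: ConvertTo-SecureString turns the protected text back into a SecureString.
$restored = ConvertTo-SecureString -String $report[0].ProtectedPassword
$restored.Length
```

Because the default protection is tied to the user and computer that ran the script, the CSV cannot be decrypted elsewhere unless ConvertFrom-SecureString is given an explicit key, which then has to be protected in its own right.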

2 Comments »

  1. Could you store the $password in the TPM chip?

    http://msdn.microsoft.com/en-us/library/aa376205(VS.85).aspx is the closest I find.

    You might also use a smart card, as they have true random generators you might enjoy.

    Comment by tigerbimmer | August 26, 2009 | Reply

  2. I was actually thinking about using the ConvertTo-SecureString cmdlet (http://technet.microsoft.com/en-us/library/dd347656.aspx), but using the TPM might not be a bad idea. I'll see what I'm able to accomplish.

    Comment by Jan Egil Ring | August 26, 2009 | Reply

