Lately I had the need to create a random password for each user in a specified OU in an Active Directory environment.
I accomplished this by using Windows PowerShell and the system.random .Net-class combined with Quest`s ActiveRoles Management Shell for Active Directory.
The script are uploaded to PoshCode, and available from here.
What I would like to add, is the encryption of the $password variable. If you have some good ideas on how to accomplish this, suggestions are welcome in the Comments-section below.
Life Cycle Server 2008 is a server application to be run in Active Directory environments providing policy based user administration and managed operations.
ve just started working with this product at a customer wanting a system for user population automation in Active Directory.
Basically all users are imported from a file generated by a generic HR system, and the LCS 2008 application keeps this information in a SQL database.
Based on this data-source users are maintained in Active Directory.
There is also a policy-feature allowing to set domain and OU-wide policies for all kinds of user attributes, like group-membership.
Provided in an upcoming extension there will be support for PowerShell commands in these policies:
Regarding to policy linking, inheritance, blocking etc they work the exact way as regular Group Policies.
As an example you could insert a PowerShell script-block into a policy to check that each users homedirectory exists using Test-Path, and if not, create the directory with the appropriate permissions.
For more information, have a look at the published product documentation.