Generate random passwords for Active Directory users
Lately I had the need to create a random password for each user in a specified OU in an Active Directory environment.
I accomplished this by using Windows PowerShell and the system.random .Net-class combined with Quest`s ActiveRoles Management Shell for Active Directory.
The script are uploaded to PoshCode, and available from here.
What I would like to add, is the encryption of the $password variable. If you have some good ideas on how to accomplish this, suggestions are welcome in the Comments-section below.
2 Comments »
Leave a comment
About
My name is Jan Egil Ring and I live in Oslo, Norway. I work as a Senior Consultant on the Infrastructure Team at Crayon Norway.
I`m holding different certifications such as MCITP: Enterprise Messaging Administrator and MCITP: Enterprise Administrator. For more details see my MCP Virtual Business Card.
I work mainly with Microsoft-products, and my favourite server product is Microsoft Exchange.
I`m a co-founder of the Norwegian Microsoft Technology User Group (MTUG), which is an assosication of local MTUG user groups in Norway.
I`m also a big fan of Windows PowerShell as you probably guessed based on the blog-title 
My intentions with this blog are sharing my experiences based on various projects and troubleshooting, as well as sharing different resource links to technologies I work with.
RSS-feed
Google Reader – My Shared Items- Designing Cmdlets That Have Lots of Parameters PowerShellTeam
- Automated physical-to-virtual migration for Windows 7 Graham Watkins
- Quick Tip: Add Exchange Management Shell Menu Item in PowerShell ISE Mike Pfeiffer
- Exchange 2007/2010 Connection Filtering and Transport Configuration Elan Shudnow
- Exchange 2010 SP1 FAQ and Known Issues Exchange
Could you store the $password in the TPM chip ?
http://msdn.microsoft.com/en-us/library/aa376205(VS.85).aspx is the closest i find.
You might also use an smart card, as they have true random generators you might enjoy.
I was actually thinking about using the ConvertTo-SecureString cmdlet (http://technet.microsoft.com/en-us/library/dd347656.aspx), but using the TPM might not be a bad idea. I`ll see what I`m able to accomplish.