Generating passwords for Active Directory–Revisited

Page content

I once wrote a post on how to generate random passwords that would comply with Active Directory complexity rules quite a while back. My script on TechNet Gallery has now reached over 2000 downloads and I thought it might be time to revisit the topic with a few updates. First off I’ve just updated the script, mainly for better performance.

I’ve also realized that a common scenario is when a user calls the service desk asking for a new password. In those scenarios the password is usually verbally spelled to the user which might cause confusion and misunderstandings. For that reason I wrote a simple function that will spell out a password phonetically. For that I needed a dictionary, I chose the NATO phonetic alphabet stored in a HashTable, since HashTables are great for quickly doing lookups as long as the lookup value is unique.

[HashTable]$PhoneticTable = @{
    'a' = 'alfa'    ;'b' = 'bravo'   ;'c' = 'charlie';'d' = 'delta';
    'e' = 'echo'    ;'f' = 'foxtrot' ;'g' = 'golf'   ;'h' = 'hotel';
    'i' = 'india'   ;'j' = 'juliett' ;'k' = 'kilo'   ;'l' = 'lima' ;
    'm' = 'mike'    ;'n' = 'november';'o' = 'oscar'  ;'p' = 'papa' ;
    'q' = 'quebec'  ;'r' = 'romeo'   ;'s' = 'sierra' ;'t' = 'tango';
    'u' = 'uniform' ;'v' = 'victor'  ;'w' = 'whiskey';'x' = 'x-ray';
    'y' = 'yankee'  ;'z' = 'zulu'    ;'0' = 'Zero'   ;'1' = 'One'  ;
    '2' = 'Two'     ;'3' = 'Three'   ;'4' = 'Four'   ;'5' = 'Five' ;
    '6' = 'Six'     ;'7' = 'Seven'   ;'8' = 'Eight'  ;'9' = 'Niner';
    '.' = 'Point'   ;'!' = 'Exlamationmark';'?' = 'Questionmark';

I also made this a parameter so it can easily be changed. The other parameter is –Char which takes an array of chars to be phonetically spelled out. And if you have a string that will work as well since specifying a type for a parameter will make PowerShell will try to convert anything assigned to the parameter to that type. And since –Char is of the type [char[]] (array of char), a string will nicely convert to an array for chars. If that conversion fails the command won’t run.

The function will loop once for each character in the array.

First the loop will check if the character is listed in the hashtable by using the method ContainsKey. This method takes an object as input, checks is there is a key matching that object and returns true or false.


If the char is listed in $PhoneticTable I use the static method IsUpper to check if the char is uppercase (this will only return true for uppercase letters). An uppercase char will make the phonetic word converted to uppercase as well.


Then a PSCustomObject with two properties (Char and Phonetic) is outputted to a variable.

Last of all I use the string formatting operator (-f) to create my result text:

"`n{0}`n{1}" -f ('Input text: {0}'-f-join$Char), ($Result | Format-Table -AutoSize | Out-String)

Here is an example of how I can generate a password and have it spelled out to me:


The full script is available here: