Intro Even though we have group managed service account, regular user accounts are still used by various services and applications. The passwords for these accounts are (hopefully) hard to remember and might be shared by a group of people. This means that when it’s time to modify that service , scheduled task or application we haven’t touched in years I really want to make sure I have the right username and password before I start.
I’ve previously written about how to generate a random password and how to output a password in phonetic alphabet. Today I’m going to put those two functions to use in a practical example.
Scenario: Carl is a helpdesk agent and today he is feeling a bit stressed out. There has been an outage on one of the business critical systems and the phones are constantly ringing. One of the calls is a user who forgot his password and Carl quickly asks the usual control questions to make sure that the user is who he claims to be, locates the user account and clicks on reset password.
I once wrote a post on how to generate random passwords that would comply with Active Directory complexity rules quite a while back. My script on TechNet Gallery has now reached over 2000 downloads and I thought it might be time to revisit the topic with a few updates. First off I’ve just updated the script, mainly for better performance.
I’ve also realized that a common scenario is when a user calls the service desk asking for a new password.
UPDATE 2015-01-04: I’ve updated the script on Technet Gallery: https://gallery.technet.microsoft.com/Generate-a-random-and-5c879ed5
Drastically improved performance and randomization logic.
When provisioning new users to Active Directory we need to provide a new password and of course we want to generate a random password.
This is my thoughts and three methods for generating passwords, the first two quite simple and straightforward and the third method a little bit more complex and definitely the one I recommend.