PowerShell Password Generator

This topic contains 12 replies, has 6 voices, and was last updated by Fredrik Kacsmarck 3 months, 3 weeks ago.

  • #62781
    benwexler
    Participant

    I was watching PowerShell for Active Directory - Working with Users and Group with Ashley McGlone and Jason Helmick, and they continuously mention using a password generator to create the initial password for the new users when doing Import-Csv. My question is: is there any way to create that password generator within the PS script and have it run on each new AD user?

  • #62784
    Don Jones
    Keymaster

    Sure. There's nothing native but you could certainly code such a thing. If you do, I hope you share it!

  • #62790
    Max Kozlov
    Participant

    Want to share my vision

  • #62799
    Fredrik Kacsmarck
    Participant

    Kind of depends on what you need in terms of characters, readability and so forth.
    But basically you could do this:

    Add-Type -AssemblyName System.Web
    $Password = [System.Web.Security.Membership]::GeneratePassword(10,2)
    

    The 10 is the amount of characters and the 2 tells the generator to include at least 2 special characters.
    But if you want to use the passwords for e.g. sending them as an SMS, then you probably need to format the string to make it easier to use.
    E.g. replace lower case "L" and capital letter "i".
    On e.g. an iPhone those two characters look identical.

    • #62817
      benwexler
      Participant

      Maybe this is me being a newbie, but 3 additional questions:
      1) How can I run this within the Import-Csv script that I have, to have it run on each new iteration? (I have 50 lines in the CSV; the generator should create 50 passwords?)
      2) Once I have a password for each user, how can I pipe that to a password field for the AD users instead of using

       -AccountPassword $(ConvertTo-SecureString "P@55word" -AsPlainText -Force)

      3) How can I set up the mailto- feature to send the new user info to the employee's manager as an email?

    • #62856
      Fredrik Kacsmarck
      Participant

      It would probably be easier if you share the structure of the .csv file and some fake data in it.
      So don't post real names etc. 🙂

      1)
      I wouldn't try to solve this as "one commandline" but rather as a script or function.
      E.g.

      Add-Type -AssemblyName System.Web
      $userData = Import-Csv .\newusers.csv

      foreach($u in $userData)
      {
        # Collect the name, department etc. from the current row.
        $firstName = $u.FirstName # This will depend on the column names in the .csv file.
                                  # You are using substring etc. to grab the necessary information from your example later.
        $surName = $u.SurName
        # First initial + surname in lower case, as in your example. I think you get the picture.
        $samAccountName = ($firstName.Substring(0,1) + $surName).ToLower()
        # Generated inside the loop, so each row gets its own password.
        $password = [System.Web.Security.Membership]::GeneratePassword(10,2)
        # and so forth...
      }
      

      2)

      If using something like the above you would use the variable instead.

      -AccountPassword (ConvertTo-SecureString "$password" -AsPlainText -Force)
      

      3)

      A completely different topic but it's not difficult.
      Have a look at the cmdlet Send-MailMessage.
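
Steps 1 and 2 above, as an added example that is not part of the original post: it generates a fresh password for each CSV row and converts it to the SecureString that -AccountPassword takes. It draws characters from the .NET cryptographic RNG rather than System.Web (which exists only on .NET Framework, so not in PowerShell 7); the helper name New-RandomPassword, the character sets and the sample rows are assumptions made for the example.

```powershell
# Added example, not code from the thread. New-RandomPassword is a hypothetical helper.
function New-RandomPassword {
    param([ValidateRange(8, 128)][int]$Length = 12)

    # One string per character class; look-alikes (l, I, O, 0, 1) are left out.
    $classes = 'abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#$%&*+-=?@'
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # Unbiased index in [0, $Max): discard bytes that would cause modulo bias.
        $pick = {
            param([int]$Max)
            $limit = 256 - (256 % $Max)
            $b = [byte[]]::new(1)
            do { $rng.GetBytes($b) } while ([int]$b[0] -ge $limit)
            [int]$b[0] % $Max
        }
        $chars = [System.Collections.Generic.List[char]]::new()
        # At least one character from every class, so class-based complexity rules are met.
        foreach ($c in $classes) { $chars.Add($c[(& $pick $c.Length)]) }
        while ($chars.Count -lt $Length) { $chars.Add($all[(& $pick $all.Length)]) }
        # Fisher-Yates shuffle so the guaranteed characters do not sit at the front.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $pick ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        -join $chars.ToArray()
    }
    finally { $rng.Dispose() }
}

# Constructed sample rows using the column names from the CSV in this thread.
$rows = 'First Name,Last Name,Department',
        'John,Smith,Finance',
        'Jack,Goldberg,Marketing' | ConvertFrom-Csv

$newUsers = foreach ($u in $rows) {
    $plain = New-RandomPassword -Length 12   # generated inside the loop: one per row
    [pscustomobject]@{
        SamAccountName  = ($u.'First Name'.Substring(0, 1) + $u.'Last Name').ToLower()
        Department      = $u.Department
        Password        = $plain
        # This is the value New-ADUser takes for -AccountPassword.
        AccountPassword = ConvertTo-SecureString $plain -AsPlainText -Force
    }
}
$newUsers | Format-Table SamAccountName, Department, Password
```

Each object in $newUsers carries both the plain-text value (for whatever hand-off to the manager is used) and the SecureString for account creation.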

  • #62820
    Ron
    Participant

    This one gives you lots of options.

    You can change the length, complexity, character sets used, etc, with each call.

  • #62850
    benwexler
    Participant

    New-ADOrganizationalUnit NewUsers

    # Load System.Web once, before the pipeline, so GeneratePassword is available.
    Add-Type -AssemblyName System.Web
    #Change Path to reflect the OU and DC for the company
    Import-CSV ".\newusers.csv" | Select-Object Title, Department, City, State, Office, EmployeeID, `
        @{name='name';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
        @{name='samAccountName';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
        @{name='displayName';expression={$_.'First Name'+' '+$_.'Last Name'}}, `
        @{name='givenName';expression={$_.'First Name'}}, `
        @{name='surName';expression={$_.'Last Name'}}, `
        # The expression runs once per row, so each user gets a different password.
        @{name='accountpassword';expression={[System.Web.Security.Membership]::GeneratePassword(12,5)}} |
        Out-GridView

    1) https://drive.google.com/file/d/0B0VOFXBUUxkmX1hEUHNEaXB6Y2s/view?usp=sharing - Users are assigned a password
    2) https://drive.google.com/open?id=0B0VOFXBUUxkmdGZORGZtbHV6UkU - AD is having password complexity issues.

  • #62922
    benwexler
    Participant

    I've gotten this so far. Now I'm trying to figure out the best way to email multiple usernames and passwords within one email per department.

    See attached CSV file: users.csv

    New-ADOrganizationalUnit NewUsers

    # Build one 10-character password from ASCII codes 44-90 and 97-122.
    # It is generated once, before the pipeline, so the same value is used for every row.
    $password=-join ((44..90) + (97..122) | Get-Random -Count 10 | % {[char]$_})
    #Change Path to reflect the OU and DC for the company
    Import-CSV ".\newusers.csv" | Select-Object Title, Department, City, State, Office, EmployeeID, `
        @{name='name';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
        @{name='samAccountName';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
        @{name='displayName';expression={$_.'First Name'+' '+$_.'Last Name'}}, `
        @{name='givenName';expression={$_.'First Name'}}, `
        @{name='surName';expression={$_.'Last Name'}}, `
        @{name='accountpassword';expression={$password}} |
        New-ADUser -ChangePasswordAtLogon $true -Enabled $True -AccountPassword $(ConvertTo-SecureString $password -AsPlainText -Force) -Path 'OU=NewUsers,DC=***,DC=local' -PassThru

    # The mail body is that single shared password.
    Send-MailMessage -To '***' -From '***' -Subject 'username and password' -Body $password -SmtpServer smtp.gmail.com -Credential (Get-Credential -Credential "****@****.***") -UseSsl -Port 25 -DeliveryNotificationOption never

    • #62953
      Fredrik Kacsmarck
      Participant

      Who are the recipients?
      Meaning, are you going to send the information to a manager for each department or ?

      Send-MailMessage can handle multiple recipients in the -To parameter.
      E.g.

      Send-MailMessage -To "jdoe@contoso.com","jsmith@contoso.com" #and the rest of the parameters
      

      Alternatively you collect all the recipients in an array variable and use the variable as the recipient.
      E.g.

      $recipients = "jdoe@contoso.com","jsmith@contoso.com"
      
      Send-MailMessage -To $recipients #and the rest of the parameters
      

      But then I would guess you also want to just include the data for that department or?

    • #63045
      benwexler
      Participant

      What I would like to do is be able to have an email sent to each department manager of the new respective hires, with each new hire's info on a separate line or in an attachment.

      From: ben@contoso.com
      To: joe@contoso.com

      Subject:New Hires

      Please find new hire logon info (either below or in the attachment, if that's possible)

      1) John Smith / username:jsmith password: password
      2) Jack Goldberg / username:jgoldberg password:password

      etc.

      thanks,
      Ben

    • #63160
      Fredrik Kacsmarck
      Participant

      There are quite a few ways to solve this and I didn't want to spend a lot of time doing multiple functions and so forth.
      So everything may not be using the most elegant procedure, e.g. nested foreach loops may not be the best way 🙂
      But I leave that up to you to improve upon if you want.

      Disclaimer: The code works on my test VM to create the users and so forth; use it at your own risk.
      So test it first in your environment and don't go straight to production.
      Also, I don't have a mail server set up to test the mail delivery, so you would need to test that.
      I'm not sure how you would get the manager information, so I created a managers.csv file just as an example.
      The contents in the .csv file are (in my test):

      "ManagerMail","ManagerDepartment"
      "joe@contoso.com","Finance"
      "jane@contoso.com","Marketing"
      

      Posted the code via Gist.

  • #63061

    Hi

    Create a collection, add the user and password to the collection, and then pass the collection to Send-MailMessage -Body $collection

    Jake
