PowerShell Password Generator

I was watching PowerShell for Active Directory - Working with Users and Group with Ashley McGlone and Jason Helmick, and they continuously mention using a password generator to create the initial password for the new users when doing Import-Csv. My question is … is there any way to create that password generator within the PS script and have it run on each new AD user?

Sure. There’s nothing native but you could certainly code such a thing. If you do, I hope you share it!

Want to share my vision

Kind of depends on what you need in terms of characters, readability and so forth.
But basically you could do this:

Add-Type -AssemblyName System.Web
$Password = [System.Web.Security.Membership]::GeneratePassword(10,2)

The 10 is the amount of characters and the 2 tells the generator to include at least 2 special characters.
But if you want to use the passwords e.g. sending them as an SMS then you probably need to format the string to make it easier to use.
E.g. replace lower case “L” and capital letter “i”.
On e.g. iPhone those two characters look identical.

Maybe this is me being a newbie, but 3 additional questions…

  1. How can I run this within the Import-Csv script that I have, to have it run on each new iteration (I have 50 lines in CSV, the generator should create 50 passwords)?
  2. Once I have a password for each user, how can I pipe that to a password field for the AD users instead of using
     -AccountPassword $(ConvertTo-SecureString "P@55word" -AsPlainText -Force)
  3. How can I set up the mailto feature to send the new user info to the employee's manager as an email?

This one gives you lots of options.

You can change the length, complexity, character sets used, etc, with each call.

New-ADOrganizationalUnit NewUsers

$events="password"
#Change Path to reflect the OU and DC for the company
Import-CSV ".\newusers.csv" | Select-Object Title, Department, City, State, Office, EmployeeID, `
    @{name='name';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
    @{name='samAccountName';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
    @{name='displayName';expression={$_.'First Name'+' '+$_.'Last Name'}}, `
    @{name='givenName';expression={$_.'First Name'}}, `
    @{name='surName';expression={$_.'Last Name'}},`
    @{name='accountpassword';expression={$events | ForEach-Object {
        Add-Type -AssemblyName System.Web
        [System.Web.Security.Membership]::GeneratePassword(12,5)}}} |
    Out-GridView

  1. https://drive.google.com/file/d/0B0VOFXBUUxkmX1hEUHNEaXB6Y2s/view?usp=sharing – Users are assigned a password
  2. https://drive.google.com/open?id=0B0VOFXBUUxkmdGZORGZtbHV6UkU – AD is having password complexity issues…

It would probably be easier if you share the structure of the .csv file and some fake data in it.
So don’t post real names etc. :slight_smile:

I wouldn’t try to solve this as “one commandline” but rather as a script or function.
E.g.

Add-Type -AssemblyName System.Web
$userData = Import-Csv .\newusers.csv

foreach($u in $userData)
{
  # Collect the name, department etc. from the current row.
  $firstName = $u.FirstName # This will depend on the column names in the .csv file. 
                            # You are using substring etc. to grab the necessary information from your example later.
  $surName = $u.SurName 
  $samAccountName = ($firstName.Substring(0,1) + $surName).ToLower() # I think you get the picture.
  $password = [System.Web.Security.Membership]::GeneratePassword(10,2)
  # and so forth...
}

If using something like the above you would use the variable instead.

-AccountPassword (ConvertTo-SecureString "$password" -AsPlainText -Force)

A completely different topic but it’s not difficult.
Have a look at the cmdlet Send-MailMessage.
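
A per-row generator along the lines discussed in this thread, as an added example that is not code from any of the posters: it draws from `RandomNumberGenerator` instead of `System.Web`, leaves out the look-alike "l" and "I" mentioned above (and, as an extension, O, 0 and 1), and guarantees one character from each of the four classes. The function names, the character sets and the sample rows are assumptions made for the example.

```powershell
# Added example; names are hypothetical and the sample rows are constructed.
$Sets = @(
    'ABCDEFGHJKLMNPQRSTUVWXYZ'    # upper case without I and O
    'abcdefghijkmnopqrstuvwxyz'   # lower case without l
    '23456789'                    # digits without 0 and 1
    '!#$%*+-=?@'                  # symbols
)

function Get-RandomIndex($Rng, [int]$Max) {
    # Rejection sampling on one byte so the modulo does not favour low indexes.
    $limit = 256 - (256 % $Max)
    $buf = New-Object byte[] 1
    do { $Rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $buf[0] % $Max
}

function New-InitialPassword([int]$Length = 12) {
    if ($Length -lt $Sets.Count) { throw "Length must be at least $($Sets.Count)." }
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # One character from every set, then fill from the combined alphabet.
        $chars = @(foreach ($s in $Sets) { $s[(Get-RandomIndex $rng $s.Length)] })
        $all = -join $Sets
        while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $rng $all.Length)] }
        # Fisher-Yates shuffle so the guaranteed characters are not always in front.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-RandomIndex $rng ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        -join $chars
    } finally { $rng.Dispose() }
}

$rows = @'
First Name,Last Name,Department
John,Smith,Finance
Jack,Goldberg,Finance
'@ | ConvertFrom-Csv

$accounts = foreach ($r in $rows) {
    $plain = New-InitialPassword -Length 12   # generated inside the loop: one per row
    [pscustomobject]@{
        SamAccountName = ($r.'First Name'.Substring(0,1) + $r.'Last Name').ToLower()
        Department     = $r.Department
        Password       = $plain
        Secure         = ConvertTo-SecureString $plain -AsPlainText -Force
    }
}
$accounts | Format-Table SamAccountName, Department, Password
```

The `Secure` property is the value to hand to `New-ADUser -AccountPassword`; the plain-text copy exists only so it can be passed on to whoever delivers it to the new user.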

I’ve gotten this so far… now I’m trying to figure out the best way to email multiple usernames and passwords within one email per department.

See attached csv file… users.csv

New-ADOrganizationalUnit NewUsers

$password=-join ((44..90) + (97..122) | Get-Random -Count 10 | % {[char]$_})
#Change Path to reflect the OU and DC for the company 
Import-CSV ".\newusers.csv" | Select-Object Title, Department, City, State, Office, EmployeeID, `
    @{name='name';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
    @{name='samAccountName';expression={($_.'First Name'.substring(0,1)+$_.'Last Name').substring(0).toLower()}}, `
    @{name='displayName';expression={$_.'First Name'+' '+$_.'Last Name'}}, `
    @{name='givenName';expression={$_.'First Name'}}, `
    @{name='surName';expression={$_.'Last Name'}},`
    @{name='accountpassword';expression={$password}} |
    New-ADUser -ChangePasswordAtLogon $true -Enabled $True -AccountPassword $(ConvertTo-SecureString $password -AsPlainText -Force) -Path 'OU=NewUsers,DC=***,DC=local' -PassThru

Send-MailMessage -To '***' -From '***' -Subject 'username and password' -Body $password -SmtpServer smtp.gmail.com -Credential (Get-Credential -Credential "****@****.***") -UseSsl -Port 25 -DeliveryNotificationOption never

Who are the recipients?
Meaning, are you going to send the information to a manager for each department or?

Send-MailMessage can handle multiple recipients in the -To parameter.
E.g.

Send-MailMessage -To "jdoe@contoso.com","jsmith@contoso.com" #and the rest of the parameters

Alternatively you collect all the recipients in an array variable and use the variable as the recipient.
E.g.

$recipients = "jdoe@contoso.com","jsmith@contoso.com"

Send-MailMessage -To $recipients #and the rest of the parameters

But then I would guess you also want to just include the data for that department or?

What I would like to do is be able to have an email sent to each department manager of the new respective hires, with each new hire's info on a separate line or in an attachment.

From: ben@contoso.com
To: joe@contoso.com

Subject: New Hires

Please find new hire logon info (either below or in the attachment, if that's possible)

  1. John Smith / username:jsmith password: password
  2. Jack Goldberg / username:jgoldberg password:password

etc.

thanks,
Ben

Hi

Create a collection, add the user and password into the collection and then add the collection into Send-MailMessage -Body $collection

Jake

There are quite a few ways to solve this and didn’t want to spend a lot of time doing multiple functions and so forth.
So everything may not be using the most elegant procedure, e.g. nested foreach loops may not be best way :slight_smile:
But I leave that up to you to improve upon if you want.

Disclaimer: The code works on my test VM to create the users and so forth, use it at your own risk.
So test it first in your environment and not straight to production.
Also, I don’t have a mail server setup to test the mail delivery so you would need to test that.
I’m not sure how you would get the manager information so I created a managers.csv file just as an example.
The contents in the .csv file are (in my test):

"ManagerMail","ManagerDepartment"
"joe@contoso.com","Finance"
"jane@contoso.com","Marketing"

Posted the code via Gist.
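
The per-department grouping discussed above, as an added example that is not the code from the Gist: accounts are grouped by department, matched against the managers.csv layout shown in the post, and turned into one Send-MailMessage parameter set per department, with departments that have no manager skipped rather than mailed anywhere. The function name, the account rows, the password placeholders and the SMTP host in the last comment are constructed for the example.

```powershell
# Added example; addresses, names and password strings are constructed placeholders.
$managers = @'
"ManagerMail","ManagerDepartment"
"joe@contoso.com","Finance"
"jane@contoso.com","Marketing"
'@ | ConvertFrom-Csv

$accounts = @'
DisplayName,SamAccountName,Department,Password
John Smith,jsmith,Finance,<generated-1>
Jack Goldberg,jgoldberg,Finance,<generated-2>
Ann Lee,alee,Marketing,<generated-3>
Sam Roe,sroe,Legal,<generated-4>
'@ | ConvertFrom-Csv

function Get-ManagerMail($Accounts, $Managers, [string]$From) {
    foreach ($group in ($Accounts | Group-Object Department)) {
        $to = @($Managers | Where-Object ManagerDepartment -eq $group.Name |
                ForEach-Object ManagerMail)
        if ($to.Count -eq 0) {
            Write-Warning "No manager for '$($group.Name)'; nothing will be sent."
            continue
        }
        $n = 0
        $lines = foreach ($a in $group.Group) {
            $n++
            '{0}. {1} / username: {2} password: {3}' -f $n, $a.DisplayName, $a.SamAccountName, $a.Password
        }
        @{  # parameter set for Send-MailMessage, one per department
            To      = $to
            From    = $From
            Subject = 'New Hires'
            Body    = "Please find new hire logon info below.`r`n`r`n" + ($lines -join "`r`n")
        }
    }
}

$mails = @(Get-ManagerMail $accounts $managers 'ben@contoso.com')
$mails | ForEach-Object { "To: $($_.To -join ', ')"; $_.Body; '' }
# To send: foreach ($m in $mails) { Send-MailMessage @m -SmtpServer 'smtp.example.test' }
```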