My New-ComplexPassword PowerShell function allows you to generate complex passwords of custom length. Optionally, you can add one or several special characters to the passwords.

Graham Beer

Graham is an experienced system engineer with a passion for PowerShell and automation. You can follow his blog or reach him on Twitter at @GKBeer.

I was working on a project recently that involved adding and moving users to Office 365. They wanted a way to generate and pass a list of random complex passwords for many new users to the admin team. They also required the ability to capture the user and password so they had a record in case the user required these details from first-line support. By using PowerShell, I came up with the New-ComplexPassword function.

I came across the .NET namespace System.Web.Security. Under this namespace is the Membership class. The MSDN documentation states this class "Validates user credentials and manages user settings." I used the GeneratePassword method in the function. This method takes two parameters to generate a random password, requiring the specified length and the number of special characters to use.

I'll describe the two parameters below (taken from MSDN):

length

Type: System.Int32

> The number of characters in the generated password. The length must be between 1 and 128 characters.

numberOfNonAlphanumericCharacters

Type: System.Int32

> The minimum number of non-alphanumeric characters (such as @, #, !, %, &, and so on) in the generated password.

Now that I know how I'm going generate the passwords, let's focus on how I built the function.

I created the function with two parameter sets. A parameter set gives a single cmdlet the ability to perform different actions for different scenarios. The two tasks I wanted to perform with this function were creating a single ad-hoc password and passing a list of usernames from the pipeline.

This is how I constructed the first part:

The main two parameters take an integer, and the last parameter, which is in the 'multiple' parameter set, takes an array of strings.

Using the Syntax switch and the Get-Command cmdlet on the function shows the two parameter sets:

New ComplexPassword syntax

New ComplexPassword syntax

The Begin block of the function loads the System.Web assembly so we can use the Membership class:

The process block uses one of PowerShell's automatic variables, $PsCmdlet, in our switch statement. PowerShell's help system states this "Contains an object that represents the cmdlet or advanced function that is being run." We are using the ParameterSetName property, which gives us the name of the parameter set we're using. (To learn more about PowerShell automatic variables, read the help on about_Automatic_Variables.)

The switch gives us an either-or instance. This is where we'll use the System.Web.Security.Membership class. The static method described earlier takes two parameters. From the function, we pass our two parameters: password length and the special character count. This will generate our password.

The multiple part of the switch uses a foreach loop to parse each object to a custom object that will output the name with an assigned password.

Let's work with our function and see how we can use it.

Here is the function at its most basic level:

We can pass some users through the pipeline to the function, providing a password length of 10 characters and containing 2 special characters:

Generate passwords with usernames

Generate passwords with usernames

By using the range operator, I can generate many passwords quickly:

Piping a number range to the function

Piping a number range to the function

Finally, to show the flexibility of the function, I can pass and generate a text file with a list of passwords by typing the following:

This is a great example of using .NET classes with PowerShell to generate passwords quickly and efficiently.

And this is the function in full:

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

5+

Users who have LIKED this post:

  • avatar
  • avatar
Share
1 Comment
  1. Tom 10 months ago

    Hi Graham, thanks for this post which I found useful.  I wanted to create complex passwords for use with O365 and which would be within the set restrictions, but I also wanted the passwords to be easier for my users to type in.  If you're interested, I wrote about it here.

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account