Today I wrote a post with a Powershell function to create a complex password.
Although it does generate a complex password, it would not be enough for the complexity policy for passwords in Windows. This because the script didn’t check if there was a lowercase, uppercase, number and punctuation mark included.
Now, until now that script was sufficient for my customers because when you script a password you would not get prompted by a nasty error stating that the provided password does not meet the complexity requirements and stuff like that; it will just ram the password in your user object and be done with it.
Now, in the afternoon I received several comments (from Pete Zerger amongst others) about this limitation of my function, so (just to make the community peers happy) I re-wrote the function. And since I was at it, now a default length of 8 characters is used when no length is provided.
Function New-RandomComplexPassword ()
param ( [int]$Length = 8 )
#Usage: New-RandomComplexPassword 12
$Assembly = Add-Type -AssemblyName System.Web
$RandomComplexPassword = [System.Web.Security.Membership]::GeneratePassword($Length,2)
As you may have noticed, with this version I make use of a .NET assembly instead of native Powershell cmdlets. This is because using the .NET assembly makes the code a lot shorter and faster. Next to that, the script I started to write before I found this assembly was huge and way more complex than it needed to be.
For more information on the assembly I used, check the MSDN page.