Announcement

Collapse
No announcement yet.

Password generator and user creator

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password generator and user creator

    Hi all and happy new year!

    I need to create 250 users in AD and assign a random password that meets our complexity standards but the thought of typing them all in and thinking of a password is sole destroying. Then we've got to inform each individual

    Does anyone know of a tool that would help me achieve this?

    Ideally we'd like to enter all the full names of the users, define a username based on first initial surname fbloggs, define character options, create the accounts, add the password and then export the list to csv

    Any suggestions or ideas?

    Thanks

  • #2
    Re: Password generator and user creator

    Excel-based Password Generator

    or

    Password Generator Download

    or

    Multiple Complex Password Generator

    or

    Any number of options via Google
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Password generator and user creator

      How are you at Powershell? Should be easy enough to script all of that. It would take an hour or two I would think.
      Regards,
      Jeremy

      Network Consultant/Engineer
      Baltimore - Washington area and beyond
      www.gma-cpa.com

      Comment


      • #4
        Re: Password generator and user creator

        Originally posted by marcopolo View Post
        Hi all and happy new year!

        I need to create 250 users in AD and assign a random password that meets our complexity standards but the thought of typing them all in and thinking of a password is sole destroying. Then we've got to inform each individual

        Does anyone know of a tool that would help me achieve this?

        Ideally we'd like to enter all the full names of the users, define a username based on first initial surname fbloggs, define character options, create the accounts, add the password and then export the list to csv

        Any suggestions or ideas?

        Thanks
        I have to ask why you need to have a different password for each employee.

        These new employees should be getting a generic password that they MUST reset at first logon. That way you only have to think of one

        To follow on from JeremyW's suggestion this is on the first page on Google when i search for bulk user creation

        http://blogs.msdn.com/b/amitgupta/ar...owershell.aspx

        Please remember that you MUST test in a test environment prior to running in production.

        Comment


        • #5
          Re: Password generator and user creator

          Sorry guys, maybe should have said I've located many generators but I was hoping to find one that worked directly with AD, e.g. it lets me define the name format and creates an account with a random password, then outputs it to a CSV.

          Or one that I select a batch of users already created and it goes and resets their password and overwrites with a random new one, again exporting to a list.

          The reason behind this is that all the users are new accounts and they'll be using it only for a service we're rolling out so their credentials will be posted to them and the password have to be different for security reasons. I'd raise my eyebrows somewhat if the support desk created 250 accounts with the same password with all username conventions the same!

          They also won't get the facility to reset on first login due to the application type being rolled out.

          If it cannot be done this way, fine, it's just a question. They might in the end have to use a generator and type them all in manually.

          Comment


          • #6
            Re: Password generator and user creator

            Originally posted by marcopolo View Post
            If it cannot be done this way, fine, it's just a question. They might in the end have to use a generator and type them all in manually.
            You certainly don't have to do this manually, regardless of how the passwords are generated. If you have a bunch of user accounts and random passwords in a file, it's no big deal to create a script (or even a one-liner) that parses the list and creates or alters the relevant AD accounts.

            Comment


            • #7
              Re: Password generator and user creator

              And how will you get your users to remember a truly rand password like Z.4$[q93H/# . You will end up with Postit note security if you use something like that.

              What are you complexity requirements?
              Last edited by biggles77; 8th January 2015, 14:44. Reason: Fix typo
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Re: Password generator and user creator

                Originally posted by biggles77 View Post
                And how will you get your users to remember a truly rand password like Z.4$[q93H/# . You will end up with Postit note security is you use something like that.
                That's a very good point, so if the OP is going to assign random passwords, he should also make sure to force a password change at next logon.

                (In my opinion, using a default password for all new users is a horrible idea security-wise, even if you force a password change at next logon. If the default password becomes known outside the organization (and it will, usually quite quickly), the "reset password" procedure becomes a very attractive attack vector.)

                Comment


                • #9
                  Re: Password generator and user creator

                  Agree with you both on some points, but if I can source a generator that can be defined to utilise certain characters and numbers only, using a eight character length with one number and one number, it would help.

                  As already mentioned, in a normal domain login environment passwords force changes work fine on first login but these 250 users will be coming though a portal and as such will have no ability in the immediate term to change their password.

                  Comment


                  • #10
                    Re: Password generator and user creator

                    Originally posted by marcopolo View Post
                    As already mentioned, in a normal domain login environment passwords force changes work fine on first login but these 250 users will be coming though a portal and as such will have no ability in the immediate term to change their password.
                    Then how about implementing a much saner password policy, using a random collection of dictionary words rather than a string of random characters? Those passwords are much easier to remember, and as a bonus they're also harder to crack with an automated brute force or dictionary tool.

                    Comment


                    • #11
                      Re: Password generator and user creator

                      Originally posted by Ser Olmy View Post
                      Then how about implementing a much saner password policy, using a random collection of dictionary words rather than a string of random characters? Those passwords are much easier to remember, and as a bonus they're also harder to crack with an automated brute force or dictionary tool.
                      While I completely agree regarding a pass phrase (and rep++ for the XKCD link), there is a problem that most external audits (I have encountered 3 of the big 4 organisations) have a tick box for "complex passwords" that matches MS best practice, so explaining that "actually this is more secure" doesn't work. Since management seem to value the opinion of the auditors far more than in-house IT (they're paying silly money, so the advice must be good, right?), anything red-flagged on the audit report becomes a case of "must obey orders" rather than a point for discussion and rational decision.
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Password generator and user creator

                        Originally posted by Me
                        but if I can source a generator that can be defined to utilise certain characters and numbers only, using a eight character length with one number and one number
                        Check the links I gave you. Excel can also do it but again, you will have a random password that nobody can remember.
                        You could create an MMC that will allow the User to change the default password to something that they might remember with out the need for a Postit note.

                        You could use Excel with several fields that have a number of names, numbers and characters. The formula could take a random name from the list, combine a random number (between 01 and 99, or more) and then add in the ASCII character. That way your users will have a chance of remembering the password.

                        eg A list of 5 character word each with an UPPERCASE letter anywhere in the word
                        The number range that you decide on.
                        A selection of ASCII characters.
                        Words:
                        twiTs
                        Smell
                        clotH
                        shEep

                        Numbers:
                        01
                        23
                        47
                        85
                        (etc)

                        Characters:
                        #
                        %
                        ^
                        &
                        $

                        Formula would select a random option from each field and combine and output them to another page that has the User name etc on it. You could then save it as a CSV and import into AD

                        Password could be twiTs47$

                        I have an excel formula somewhere that I would need to dig out but I am catching a plane in 5 hours and I need to pack and get some sleep first. The formula was used successfully for creating password for some 550, 9+ year olds but we only used the first 2 options and the UPPERCASE was always the first letter.
                        1 1 was a racehorse.
                        2 2 was 1 2.
                        1 1 1 1 race 1 day,
                        2 2 1 1 2

                        Comment


                        • #13
                          Re: Password generator and user creator

                          Originally posted by biggles77 View Post
                          Words:

                          shEep

                          Uh, huh....
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment


                          • #14
                            Re: Password generator and user creator

                            Originally posted by Ossian View Post
                            While I completely agree regarding a pass phrase (and rep++ for the XKCD link), there is a problem that most external audits (I have encountered 3 of the big 4 organisations) have a tick box for "complex passwords" that matches MS best practice, so explaining that "actually this is more secure" doesn't work.
                            That's more than a bit alarming, since it seems to indicate that the auditors are mindlessly ticking boxes on a checklist, and are incapable of logic or even basic math.

                            After all, that the passphrase approach results in vastly better security is not somebody's opinion, it's a provable and proven fact. Having auditors insist that inferior solutions need to be used is worse than having no audits at all.

                            Comment


                            • #15
                              Re: Password generator and user creator

                              Originally posted by Ser Olmy View Post
                              since it seems to indicate that the auditors are mindlessly ticking boxes on a checklist, and are incapable of logic or even basic math.
                              Ah, you've met auditors before, then....

                              All the ones I encountered (2008-2012 in various places) had a script on a PC - probably just Excel, with questions and definite "right" and "wrong" answers, and basically produced a standard report from their interview.

                              Of course, for large organisations, an audit is a legal requirement, not an option, and they now seem to have added IT to finance as a target for their scrutiny. The various finance managers I worked with were equally scathing of the auditors, so I guess its a generic issue.
                              Tom Jones
                              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                              PhD, MSc, FIAP, MIITT
                              IT Trainer / Consultant
                              Ossian Ltd
                              Scotland

                              ** Remember to give credit where credit is due and leave reputation points where appropriate **

                              Comment

                              Working...
                              X