As there is no 100% guaranty that the Membership.GeneratePassword Method generates a password that meets the AD complexity requirements, I create a small cmdlet to generate random strings according to a certain complexity:



Create-RandomString [[-Size] <int>] [[-Complexity] <[U|u]|[L|l]|[N|n]|[S|s]>] [[-Exclude] <char[]>]


[[-Size] <int>]

The size of the password.

[[-Complexity] <[U|u]|[L|l]|[N|n]|[S|s]>]

The complexity of the password where the characters ULN and S refer to the character sets: Uppercase, Lowercase, Numerals and Symbols. If supplied in lowercase (uln or s) the returned password might contain any of character in the concerned character set, If supplied in uppercase (ULN or S) the returned string will contain at least one of the characters in the concerned character set.

[[-Exclude] <char[]>]

A list with unwanted characters to exclude from the password.


To create a password with a length of 8 characters that might contain any uppercase characters, lowercase characters and numbers:

Create-Password 8 uln

To create a password with a length of 12 characters that that contains at least one uppercase character, one lowercase character, one number and one symbol and does not contain the characters O, L, I, o, l, i, 0 or 1:

Create-Password 12 ULNS "OLIoli01"

The Create-Password cmdlet was originally published at StackOverflow

Leave a Reply