Password Archives - The Random Admin

Dino Passwords!

by David | Aug 25, 2021 | Help Desk, Information Technology, PowerShell

Passwords can be hard to make for people, especially kids and older users. That’s where Dino Passwords come into play. You can make simple and yet complex passwords using this service. This service also has a simple API to work with. I personally like using the API with new user creation scripts. The API is a single line with the invoke-webrequest command let.

Strong Passwords

(Invoke-WebRequest -Uri http://www.dinopass.com/password/strong).content

Simple Passwords

(Invoke-WebRequest -Uri http://www.dinopass.com/password/simple).content

That’s it, it’s as simple as that. Great little passwords that even kids can figure out how to use.

Oneliner Password Generator

by David | Aug 9, 2021 | Information Technology, PowerShell

Passwords, Passwords, and more Passwords. Let’s generate a 16 character password that is complex and random that you will have to save into your password manager because you will never remember it.

The Single Line

[string]::Join("",(1..16 | ForEach-Object {[char](Get-Random -Minimum 32 -Maximum 126)}))

The Breakdown

Lets break it down and then make a function for easier use. We are going to use the concept of PEMDAS. For this breakdown.

Get-Random -Minimum 32 -Maximum 126

This gives us a random number between 32 and 126. Why is this important. The next part is why. We are grabbing a character of X, [char](x), These are considered password-safe characters of the ASCII set.

 1..16 | foreach-object {SomeCode}

This part repeats everything in the “some code” area 16 times. So we are grabbing 16 chars. Each loop occurs separately. This creates 16 characters that take up a different line on the shell prompt each time it runs. That’s where the next part comes into play.

[string]::Join("", array )

This part of the script is a string function that joins each part of the array together. Notice the “” part. This adds items inside the array. So if you want the password to have 7 every join, then place “7” here.

Now when you combine all this together. We create an array of random password-safe characters and join them all together. With their powers combined, we have a potential password.

Lets make a Function

function Get-SHDPassword {
    [cmdletbinding()]
    Param (
        [int]$Length = 16,
        [int]$Count = 1
    )
    for ($I=0;$I -lt $Count;$I++) {
        [string]::Join("",(1..$Length | ForEach-Object {[char](Get-Random -Minimum 32 -Maximum 126)}))        
    }
}

Here we added a count, so we can make more than one and choose from it. By default, we are setting them to 16 and to 1. This way we have a 16 character password that is done only once.

That’s all folks, let me know if you have any questions or corrections.

Password Notifications

by David | Sep 22, 2020 | Information Technology, PowerShell, Resources

I wanted to share a little script that has changed the world at my current company. It’s a simple password email notification script. What it does is grabs the users’ whos passwords about to expire. Then it emails that user with instructions on how to reset their password. Then it sends an email to the user’s manager with a list of when the user’s password will expire. Then finally it sends an email to another person with a complete list of all expiring users and when they will expire. After the user hits zero, the script no longer cares about that person. This is to prevent lots of headaches in the long run with on leave and whatnots. The best thing to do is to set up a scheduled task on a server with rsats. The computer will also need a relay setup on the exchange server.

The Script

param (
    [parameter(Helpmessage = "Return Email", Mandatory = $true)][string]$ReturnEmail,
    [parameter(Helpmessage = "Email Sent to IT", Mandatory = $true)][string]$ITEmail,
    [parameter(Helpmessage = "Mail Server", Mandatory = $true)][string]$MailServer,
    [parameter(Helpmessage = "Employee Organizational Unit", Mandatory = $true)][string]$EmployeeOU,
    [parameter(Helpmessage = "Training Link", Mandatory = $true)][string]$TrainingLink,
    [parameter(Helpmessage = "Training Link", Mandatory = $true)][string]$DaysWithinExpiration
)
$MaxPwdAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
$expiredDate = (Get-Date).addDays(-$MaxPwdAge)
$emailDate = (Get-Date).addDays( - ($MaxPwdAge - $DaysWithinExpiration))
$ExpiredUsers = Get-ADUser -Filter { (PasswordLastSet -lt $emailDate) -and (PasswordLastSet -gt $expiredDate) -and (PasswordNeverExpires -eq $false) -and (Enabled -eq $true) } -Properties DisplayName, PasswordNeverExpires, Manager, PasswordLastSet, Mail, "msDS-UserPasswordExpiryTimeComputed" -SearchBase "$EmployeeOU" | Select-Object DisplayName, samaccountname, manager, PasswordLastSet, @{name = "DaysUntilExpired"; Expression = { $_.PasswordLastSet - $ExpiredDate | Select-Object -ExpandProperty Days } }, @{name = "EmailAddress"; Expression = { $_.mail } }, @{Name = "ExpiryDate"; Expression = { [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") } } | Sort-Object PasswordLastSet
$ExpiredUsers
foreach ($ExpiredUser in $ExpiredUsers) {
    $ReturnHTML = @" 
<html> 
<head>
<style>
body {
    Color: #252525;
    font-family: Verdana,Arial;
    font-size:11pt;
}
h1 {
    text-align: center;
    color:#C8102E;
    Font-size: 34pt;
    font-family: Verdana, Arial;
}
h2 {
    text-align: center;
    color:#9EA2A2;
    Font-size: 20pt;
}
h3 {
    text-align: center;
    color:#211b1c;
    Font-size: 15pt;
}
h4 {
    text-align: center;
    color:#242526;
    Font-size: 15pt;
}
a:link {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
a:visited {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
</style>
</head>
<body>
Dear $($ExpiredUser.DisplayName),<br><br>
Your password was last set on <i>$($ExpiredUser.PasswordLastSet)</i>. This means your password will expire in <b>$($ExpiredUser.DaysUntilExpired) Days</b>. Please reset your password before <b>$($ExpiredUser.ExpiryDate)</b><br>
<ol>
<li>Find a computer connected to the network</li>
<li>if the computer is logged in, on your keyboard press, <b>ctrl+alt+del</b> at the same time. </li>
<li>Select <b>Change Password</b></li>
<li>replace the username section with <b>$($ExpiredUser.samaccountname)</b>.</li>
<li>Enter your old password in the old password location.</li>
<li>Enter a new password in the new password location.</li>
<li>Confirm your new password in the confirm password location</li>
<li>Click Enter</li>
</ol>
<br>
<hr>
<br>
For more Information on how to change your password Please watch these videos.<br>
<a href='$TrainingLink'>How to change your Password.</a><br><br>

Thank you<br>
IT Department
</body> 
</html> 
"@  
    Send-MailMessage -To $($ExpiredUser.EmailAddress) -From "$ReturnEmail" -Subject "$($ExpiredUser.DisplayName) Password Notification" -BodyAsHtml $ReturnHTML -SmtpServer $MailServer
}
$Managers = $ExpiredUsers | Select-Object -ExpandProperty manager -Unique
foreach ($Manager in $Managers) {
    $ReportingtoHTML = $ExpiredUsers | Where-Object { $_.manager -eq $Manager } | Select-Object -Property DisplayName, @{name = "EmailAddress"; Expression = { $_.mail } }, @{label = "DaysUntilExpired"; expression = { "$($_.DaysUntilExpired) Days" } }, ExpiryDate | ConvertTo-Html -Fragment -As Table
    $Manager = Get-ADUser $Manager -Properties DisplayName, PasswordNeverExpires, Manager, PasswordLastSet, "msDS-UserPasswordExpiryTimeComputed" | Select-Object DisplayName, samaccountname, mail, manager, PasswordLastSet, @{name = "DaysUntilExpired"; Expression = { $_.PasswordLastSet - $ExpiredDate | Select-Object -ExpandProperty Days } }, @{name = "EmailAddress"; Expression = { $_.mail } }, @{Name = "ExpiryDate"; Expression = { [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") } } | Sort-Object PasswordLastSet
    $ManagerReturnHTML = @" 
<html> 
<head>
<style>
h1 {
    text-align: center;
    color:#C8102E;
    Font-size: 34pt;
    font-family: Verdana, Arial;
}
h2 {
    text-align: center;
    color:#9EA2A2;
    Font-size: 20pt;
}
h3 {
    text-align: center;
    color:#211b1c;
    Font-size: 15pt;
}
h4 {
    text-align: center;
    color:#242526;
    Font-size: 15pt;
}
a:link {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
a:visited {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
body {
width:75%;
background-color:#ffffff;}
table {border-collapse: collapse; border: 1px solid rgb(45,41,38); text-align: Center;}
th {background-color: #f7a1af; text-align: Center;}
tr:nth-child(even) {background-color: #f2f2f2;}
tr {text-align: Center;}
td {border:1px solid rgb(45,41,38);text-align: Center;}
</style>
</head>
<body style="font-family:verdana;font-size:13"> 
Dear $($Manager.DisplayName),<br><br>
Here is a list of all employees that are reporting to you whose passwords are to expire within the next 14 days. Please have these employees reset their passwords <b>before</b> their expirydate. Please note that we have also sent an email to the employee with the instructions on how to reset their password.<br>
<br>
$ReportingtoHTML
<br>
The below videos have been sent to these employees. If the employee needs help, refer them to these videos or instruct them how to reset their passwords.<br>
<a href='$TrainingLink'>How to change your Password.</a><br><br>
<br>

Thank you<br>
IT Department
</body> 
</html> 
"@  
    Send-MailMessage -To $($Manager.EmailAddress) -From "$ReturnEmail" -Subject "User Password Notification" -BodyAsHtml $ManagerReturnHTML -SmtpServer $MailServer
}
$ITReturnHTML = $ExpiredUsers | Select-Object @{label = "Name"; expression = { $_.Displayname } }, @{Label = "UserName"; expression = { $_.samaccountname } }, EmailAddress, @{label = "Manager"; expression = { $(($_.Manager.Split(',')).split('=')[1]) } }, ExpiryDate, @{Label = "Days"; expression = { $_.DaysUntilExpired } } | ConvertTo-Html -Fragment -As Table
$ItReportReturnHTML = @" 
<html> 
<head>
<style>
h1 {
    text-align: center;
    color:#C8102E;
    Font-size: 34pt;
    font-family: Verdana, Arial;
}
h2 {
    text-align: center;
    color:#9EA2A2;
    Font-size: 20pt;
}
h3 {
    text-align: center;
    color:#211b1c;
    Font-size: 15pt;
}
h4 {
    text-align: center;
    color:#242526;
    Font-size: 15pt;
}
a:link {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
a:visited {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
body {
background-color:#ffffff;}
table {border-collapse: collapse; border: 1px solid rgb(45,41,38); text-align: Center;}
th {background-color: #54c6ff; text-align: Center;}
tr:nth-child(even) {background-color: #f2f2f2;}
tr {text-align: Center;width:20%;}
td {border:1px solid rgb(45,41,38);text-align: Center;}
</style>
</head>
<body style="font-family:verdana;font-size:13"> 
Dear IT,<br><br>
Please see the expiring/expired password list below.
<br><br>
$ITReturnHTML
<br>
The below videos have been sent to these employees. If the employee needs help, refer them to these videos or instruct them how to reset their passwords.<br>
<a href='$TrainingLink'>How to change your Password.</a><br><br>
<br>

Thank you<br>
IT Department
</body> 
</html> 
"@  
Send-MailMessage -To $ITEmail -From "$ReturnEmail" -Subject "Password Expiry Notification" -BodyAsHtml $ItReportReturnHTML -SmtpServer $MailServer
$Admins = Get-ADUser -Filter { (samaccountname -like "*_adm") -and (PasswordLastSet -lt $emailDate) -and (PasswordLastSet -gt $expiredDate) -and (PasswordNeverExpires -eq $false) -and (enabled -eq $true) } -Properties *
Foreach ($Admin in $Admins) {
    $Username = $Admin.samaccountname -replace "(_.*)", ""
    $User = Get-ADUser -Identity $Username -Properties *
    $ReturnHTML = @" 
<html> 
<head>
<style>
body {
    Color: #252525;
    font-family: Verdana,Arial;
    font-size:11pt;
}
h1 {
    text-align: center;
    color:#C8102E;
    Font-size: 34pt;
    font-family: Verdana, Arial;
}
h2 {
    text-align: center;
    color:#9EA2A2;
    Font-size: 20pt;
}
h3 {
    text-align: center;
    color:#211b1c;
    Font-size: 15pt;
}
h4 {
    text-align: center;
    color:#242526;
    Font-size: 15pt;
}
a:link {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
a:visited {
    color:#C8102E;
    text-decoration: underline;
    cursor: auto;
    font-weight: 700;
}
</style>
</head>
<body>
Dear $($User.DisplayName),<br><br>
Your Admin password was last set on <i>$($Admin.PasswordLastSet)</i>. This means your password will expire in <b>$($admin.DaysUntilExpired) Days</b>. Please reset your password before <b>$($Admin.ExpiryDate)</b><br>
<ol>
<li>Find a computer connected to the network</li>
<li>if the computer is logged in, on your keyboard press, <b>ctrl+alt+del</b> at the same time. </li>
<li>Select <b>Change Password</b></li>
<li>replace the username section with <b>$($Admin.samaccountname)</b>.</li>
<li>Enter your old password in the old password location.</li>
<li>Enter a new password in the new password location.</li>
<li>Confirm your new password in the confirm password location</li>
<li>Click Enter</li>
</ol>
<br>
<hr>
<br>
For more Information on how to change your password Please watch these videos.<br>
<a href='$TrainingLink'>How to change your Password.</a><br><br>

Thank you<br>
IT Department
</body> 
</html> 
"@  
    Send-MailMessage -To $($User.EmailAddress) -From "$ReturnEmail" -Subject "$($User.DisplayName) Password Notification" -BodyAsHtml $ReturnHTML -SmtpServer $MailServer
}