Reset an AD user's password using auto password generator

Posted on 2009-04-06
Last Modified: 2013-12-24
i have the attached code provided here by Rob to auto generate a password using predetermined rules.
i need a way that would prompt me to enter a username and will reset the user's password to the auto generated value of the script (with the "user must change password at next logon" checked by default)

' Basis from here:


' Question link:


'Description: Auto generates password according to the following rules:

' Be at least 8 positions in length but up to 9.

' Contain at least one English letter and one digit character

' Should not contain a digit character in the first and last position!(0-9)

' No special characters - lower case letters and digits only

' Must begin and end with a letter

' Should not contain identical consecutive characters (aa, ##, 88.)

' Should not contain specific words (e.g. help, desk)


Const MinLength = 8

Const MaxLength = 9


While ValidatePassword(strPassword) = False

        strPassword = GeneratePassword


MsgBox strPassword


Function GeneratePassword()


        strRndPwd = ""


        If MinLength = "" Or MaxLength = "" Then

                WScript.Echo "Min and max lengths are not defined. Please set MinLength and MaxLength globally."

                Exit Function

        End If



        intLength = Int((MaxLength - MinLength + 1) * Rnd + MinLength)


        Const AsciiLower = 32

        Const AsciiUpper = 126


        While Len(strRndPwd) <= intLength


                strChr = Chr(Int((AsciiUpper - AsciiLower + 1) * Rnd + AsciiLower))

                If (Asc(strChr) >= 48 And Asc(strChr) <= 57) Or (Asc(strChr) >= 97 And Asc(strChr) <= 122) Then strRndPwd = strRndPwd & strChr



        GeneratePassword = strRndPwd

End Function


Function ValidatePassword(strValPwd)

	Set objRegEx = CreateObject("VBScript.RegExp")

	boolValid = True

	' Check the length requirement

	If Len(strValPwd) < MinLength Or Len(strValPwd) > MaxLength Then boolValid = False

	' Look for an english character

	If boolValid = True Then

		objRegEx.Pattern = "[a-z]"

		Set colMatches = objRegEx.Execute(strValPwd)  

		If colMatches.Count = 0 Then boolValid = False

	End If

	' Look for a digit

	If boolValid = True Then

		objRegEx.Pattern = "[0-9]"

		Set colMatches = objRegEx.Execute(strValPwd)  

		If colMatches.Count = 0 Then boolValid = False

	End If

	' Look for a digit in the first or last position

	If boolValid = True Then

		strFirstChr = Left(strValPwd, 1)

		strLastChr = Right(strValPwd, 1)

		If IsNumeric(strFirstChr) Or IsNumeric(strLastChr) Then boolValid = False

	End If

	' Prevent specific words from being the password

	Set objDict = CreateObject("Scripting.Dictionary")

	objDict.Add "ncx", 0

	objDict.Add "kbs", 0

	objDict.Add "qazwsx", 0

	objDict.Add "cns", 0

	objDict.Add "comverse", 0

	objDict.Add "help", 0

	objDict.Add "desk", 0

	If objDict.Exists(strValPwd) = True Then boolValid = False

	' Return the valid code

	ValidatePassword = boolValid

End Function

Open in new window

Question by:johnnyjonathan
  • 2
LVL 12

Accepted Solution

chandru_sol earned 500 total points
ID: 24079549

HTA in the link below will give you exactly what you needed

LVL 12

Expert Comment

ID: 24127844
Thanks for the Grade!!

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now