From f16bc774b9f33dc50793722d53f00f4dc3c1b13a Mon Sep 17 00:00:00 2001 From: Viktor Hedberg Date: Wed, 4 Dec 2024 21:26:22 +0100 Subject: [PATCH] Update journey-step-3.md Proposing to use New-Guid instead, it will generate a "complex" password easier than having to rely on a custom PSFunction. --- .../passwordless-strategy/journey-step-3.md | 36 ++++--------------- 1 file changed, 6 insertions(+), 30 deletions(-) diff --git a/windows/security/identity-protection/passwordless-strategy/journey-step-3.md b/windows/security/identity-protection/passwordless-strategy/journey-step-3.md index 9bc006a4e0d..8f4490eef80 100644 --- a/windows/security/identity-protection/passwordless-strategy/journey-step-3.md +++ b/windows/security/identity-protection/passwordless-strategy/journey-step-3.md @@ -72,20 +72,8 @@ Modify the **userId** variable of the script to match your environment (first li ```azurepowershell-interactive $userId = "" -function Generate-RandomPassword{ - [CmdletBinding()] - param ( - [int]$Length = 64 - ) - $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+[]{};:,.<>/?\|`~" - $random = New-Object System.Random - $password = "" - for ($i = 0; $i -lt $Length; $i++) { - $index = $random.Next(0, $chars.Length) - $password += $chars[$index] - } - return $password -} +$Password = (New-Guid).Guid +$Password Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force Install-Module Microsoft.Graph -Scope CurrentUser @@ -95,7 +83,7 @@ Connect-MgGraph -Scopes "UserAuthenticationMethod.ReadWrite.All" -NoWelcome $passwordParams = @{ UserId = $userId AuthenticationMethodId = "28c10230-6103-485e-b985-444c60001490" - NewPassword = Generate-RandomPassword + NewPassword = $Password } Reset-MgUserAuthenticationMethodPassword @passwordParams @@ -106,22 +94,10 @@ A similar script can be used to reset the password against Active Directory. Mod ```PowerShell $samAccountName = -function Generate-RandomPassword{ - [CmdletBinding()] - param ( - [int]$Length = 64 - ) - $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+[]{};:,.<>/?\|`~" - $random = New-Object System.Random - $password = "" - for ($i = 0; $i -lt $Length; $i++) { - $index = $random.Next(0, $chars.Length) - $password += $chars[$index] - } - return $password -} +$Password = (New-Guid).Guid +$Password -$NewPassword = ConvertTo-SecureString -String (Generate-RandomPassword) -AsPlainText -Force +$NewPassword = ConvertTo-SecureString -String ($Password) -AsPlainText -Force Set-ADAccountPassword -identity $userId -NewPassword $NewPassword -Reset ```