Generate up to 5,000 (real looking) Active directory users for test labs

I have been spending time lately working on simulating AD migrations and investigating user experience. The general goal is to find and purposely cause issues during the migration and then create audits to find and mitigate the pain points.

In order to accomplish that I needed some real looking users in my environment. So I went ahead and created a script that utilizes the API found over at https://www.randomuser.me

A neat little API you can generate fake user information in blocks of up to 5,000. The full documentation can be found here.

The script is broken up into 2 functions.

The first function is useful on its own “find_ad_id”

function find_ad_id($first,$last) {
$first = $first -Replace "\s*"
$last = $last -Replace "\s*"
$not_found = $true
for($i = 1; $i -le $first.length; $i++) {
$Sam_account =""
$letters_first = ""

for($l = 0; $l -ne $i; $l++){
$letters_first += $first[$l]
}

$sam_account = $letters_first+$last
if(-not (Get-aduser -Filter {SamaccountName -eq $sam_account})) {
$not_found = $false
return $sam_account
}
}

if($not_found -eq $true) {
return "ERROR:FAIL"
}
}

find_ad_id is a function I wrote for my personal profile a while ago. Really pretty straightforward but I find it very useful. It takes a first and last name as an input and then strips all spaces out of the name. The next step is to take the firstname and break it up into initials. It tries combining the first name into the last name looking for an un-used Samaccountname value in AD.

For example:
John Doe
Jdoe is attempted, then jodoe until either a free sam account is found or an error is logged.

The second function is called “Generate”:

function generate() {
$character = @("!","$","%","^","&","*","(",")","?")
$letters_low=@("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z")
$letters_cap=@("A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z")
$numbers=@("1","2","3","4","5","6","7","8","9","0")
$itterations = get-random -minimum 8 -maximum 17
[string]$pass_value = ""

for($i = 0; $i -ne $itterations+1;$i++) {
$character_type = Get-random -minimum 1 -maximum 9

switch ($character_type) {
1 { $letter = Get-random -minimum 0 -maximum 26
$pass_value = $pass_value+$character[$letter]
}

2 { $letter = Get-random -minimum 0 -maximum 26
$pass_value = $pass_value+$letters_low[$letter] }

3 { $letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$letters_low[$letter] }

4 { $letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$letters_cap[$letter] }

5 { $letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$character[$letter] }

6 { $letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$numbers[$letter] }

7 { $letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$letters_cap[$letter] }

8 { $letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$letters_cap[$letter]}
}

$letter = Get-random -minimum 0 -maximum 26
$pass_value = $pass_value+$character[$letter]

$letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$letters_cap[$letter]

$letter = Get-random -minimum 0 -maximum 11
$pass_value = $pass_value+$numbers[$letter]
}
return $pass_value
}

Generate creates an 11 – 19 character password for each user. It first goes through and 8 – 16 iterations of randomly chosen Lowercase, Uppercase, Numbers or Symbols. Then it purposely appends a Symbol, A capital letter and a number. This of course limits what the end characters will be with the generator, but it does make sure the password always meets Active directory Minimal password requirements

The rest of the script simply handles data from the API, creates the user and logs the password.
If you have any questions feel free to leave a comment.

The script can be found:
Here on paste bin
OR
Here on github

This script is posted without warranty.

Sharing is caring!

Leave your comment

19 + twenty =