Question about user account passwords

[7MinSec]

Hello there,

First of all, I REALLY like what you're doing with Bad Blood. I've had it bookmarked forever and was super excited to give it a spin in the lab today. I have a fresh 2016 DC and ran BB on it and now my domain is very dirty - awesome.

Question for you on user credentials. For grins I used ntdsutil to dump out all the hashes and was having some folks test cracking passwords on those accounts. After not cracking a single password for quite a while, I looked at the CreateUsers.ps1 and can see the function for adding random/strong passwords to users.

To make this environment feel a little more like a typical customer network, I'd like to tweak that script to have a minimum length of 8 and maximum length of 12 character passwords. I think I see where to do that in the script, but ideally I'd also have the password itself come from a list of passwords I specify.

I'm not too sharp with PowerShell so if you have any advice please let me know, otherwise yes I'll certainly RTFM for PowerShell if that's the next best step 👍

Thanks! Brian

[7MinSec]

Follow up: looks like I could do a mass password reset with something like this (https://www.mowasay.com/2016/10/active-directory-changing-passwords-for-users-in-bulk-using-a-csv-file/) but I'd rather just do it upon BB doing it's mojo.

[kamsalisbury]

I looked at the code briefly and it looks like you can edit the CreateUsers.ps1 script, lines 128, 137, 143 and 147 to get closer to the goal. Update: I had to re-create my lab's test DC and domain so re-ran after modifying the minimum password length and other lines identified in this post and had no problem.

[7MinSec]

Thanks @kamsalisbury I'll give it a look!