microsoftarchive / New-KrbtgtKeys.ps1

This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
MIT License

Never store the password in clear text. #4

Closed A9G-Data-Droid closed 3 years ago

A9G-Data-Droid commented 4 years ago

Currently, a custom password generation and verification method is used to generate the new password. It is passed around in clear text variables where it could be captured. It should remain a secure string at all times to mitigate this vulnerability.

I might use [System.Web.Security.Membership]::GeneratePassword(20,3) to generate the strong password but we can't verify it will pass complexity requirements without reading the plain text. We can meet length and special symbol requirements so that only leaves upper\lower case letters and maybe digits. It is possible that a password with letters of the same case could be generated and fail.

https://docs.microsoft.com/en-us/dotnet/api/system.web.security.membership.generatepassword?view=netframework-4.8
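One way to sidestep the verification problem raised above is to build the password so that it satisfies the complexity rule by construction, which removes any need to read the finished value back as plain text. The following is an added example written for this issue, not code from the New-KrbtgtKeys.ps1 repository: it draws at least one character from each of four classes (upper, lower, digit, symbol, which exceeds the default AD requirement of three of five categories), fills the rest from the combined alphabet using a CSPRNG with rejection sampling, shuffles so the mandatory characters do not always sit at the front, appends the characters one at a time to a SecureString, and zeroes the only intermediate buffer. The function name and the character sets are assumptions of this example; the call to `Set-ADAccountPassword` in the comment is the standard cmdlet, which accepts a SecureString directly.

```powershell
# Added example for this issue, not part of New-KrbtgtKeys.ps1.
# Builds a random password that meets the default AD complexity rule by
# construction, so the plaintext never has to be inspected after the fact.
function New-RandomSecurePassword {
    [CmdletBinding()]
    param(
        [ValidateRange(8, 256)]
        [int]$Length = 20   # AD minimum is policy-defined; 20 is this example's choice
    )

    # Assumed character classes for this example (lookalikes I, O, l removed).
    $upper  = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZ'
    $lower  = [char[]]'abcdefghijkmnopqrstuvwxyz'
    $digit  = [char[]]'23456789'
    $symbol = [char[]]'!#$%&*+-=?@^_'
    $all    = $upper + $lower + $digit + $symbol

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

    # Unbiased index in [0, $max): draw 32 bits and reject values above the
    # largest multiple of $max, so the modulo does not skew the distribution.
    function Get-RandomIndex([int]$max) {
        $buf   = New-Object byte[] 4
        $limit = [uint64]4294967296 - ([uint64]4294967296 % [uint64]$max)
        do {
            $rng.GetBytes($buf)
            $v = [uint64][BitConverter]::ToUInt32($buf, 0)
        } while ($v -ge $limit)
        return [int]($v % [uint64]$max)
    }

    # One mandatory character per class, remaining positions from the full set.
    $chars = New-Object char[] $Length
    $chars[0] = $upper[(Get-RandomIndex $upper.Length)]
    $chars[1] = $lower[(Get-RandomIndex $lower.Length)]
    $chars[2] = $digit[(Get-RandomIndex $digit.Length)]
    $chars[3] = $symbol[(Get-RandomIndex $symbol.Length)]
    for ($i = 4; $i -lt $Length; $i++) {
        $chars[$i] = $all[(Get-RandomIndex $all.Length)]
    }

    # Fisher-Yates shuffle so the class-guaranteeing characters are not
    # always in positions 0-3.
    for ($i = $Length - 1; $i -gt 0; $i--) {
        $j = Get-RandomIndex ($i + 1)
        $t = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $t
    }

    # Move into a SecureString one character at a time; no System.String
    # containing the full password is ever created.
    $secure = New-Object System.Security.SecureString
    foreach ($c in $chars) { $secure.AppendChar($c) }
    [Array]::Clear($chars, 0, $chars.Length)   # wipe the only plaintext buffer
    $secure.MakeReadOnly()
    $rng.Dispose()

    return $secure
}

# Usage: the SecureString can be handed straight to the reset cmdlet, e.g.
#   $newPassword = New-RandomSecurePassword -Length 20
#   Set-ADAccountPassword -Identity krbtgt -NewPassword $newPassword -Reset
```

Two caveats a reviewer would want on record: the characters still exist briefly in a managed `char[]` (zeroed here, but the CLR may have copied it during a GC compaction), and `SecureString` only encrypts its contents in memory on Windows; on other platforms it is merely a non-string buffer. That is still a clear improvement over passing a `System.String` between functions, which cannot be wiped at all.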