Generating Random User Account Passwords with Dsmigrate When a Strong Password Policy Exists in Active Directory

ID: Q228408


The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server


SUMMARY

You can use the Directory Service Migration tool (Dsmigrate) to generate random passwords for user accounts before migrating the User objects to Active Directory. However, before completing the "Configure objects to Active Directory" task (actually migrating the objects to Active Directory), you must ensure that passwords generated by Dsmigrate for the user accounts comply with any existing Windows 2000 "strong password" policies being enforced in Active Directory.

Note that this is an issue only if you are migrating User objects into an Active Directory environment that enforces a "strong password" policy.


MORE INFORMATION

Generating Passwords with Dsmigrate

Dsmigrate includes the following options for controlling user password generation:
  • Use the Generate Password option settings to globally determine how passwords are handled when you create and merge User objects. Right-click the Directory Service Migration Tool container, click Options, and then click the Generate Password tab in the Options dialog box.
  • Select a view and automatically run the Generate User Password function. This sets the password for all the User objects in the view. Right-click a view, click All Tasks, and then click Generate User Password.
  • Use the User Object properties to set the password property for a User object. Double-click a user and then click the Password tab in the User Properties dialog box.

When you use any of these methods to generate a user password, you are prompted to select the type of password to generate as follows:
  • Assign No Password to Each User
  • Assign a Unique Randomly Generated Password to Each User
  • Set Each Password to the User's Logon Name
  • Assign Each User the Same Custom Password

When you select the type of password to generate, consider what (if any) password policies exist in the Windows 2000 Active Directory environment to which you are migrating the User objects. Assign only passwords that comply with existing policies.

When you assign a unique random password to each user, the Dsmigrate password-generation algorithm generates and assigns a 10-character password to each User object. When you view the list of randomly generated passwords, verify that these passwords comply with any existing Windows 2000 "strong password" policies being enforced in the Active Directory environment into which the User objects will be migrated.

Viewing a List of Passwords Generated by Dsmigrate

  1. Right-click the Directory Service Migration Tool container, and then click Browse Logs.
  2. Expand the tree in the left pane of the Log Viewer dialog box to find the appropriate user password generation log. The logs are identified by date and time.
  3. Click the appropriate log, click Filter, click to select the Information check box, and then click OK. The passwords assigned to each user by Dsmigrate appear in the right pane.
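
The following Python script is an added example and is not part of the original article or of Dsmigrate. It checks logon name and password pairs transcribed from the Log Viewer against the rules of the Windows 2000 "Passwords must meet complexity requirements" policy setting (at least six characters, three of four character categories, logon name not contained in the password). The sample pairs, the function names, and the assumption that this is the policy in force are illustrative.

```python
import string

# Assumption: raise this if the domain's "Minimum password length" is higher.
MIN_LENGTH = 6

# Constructed sample data: (logon name, password) pairs as an administrator
# might transcribe them from the Log Viewer. No real log layout is assumed.
SAMPLE = [
    ("jsmith", "qhzkvbnmwt"),   # 10 characters, lowercase only
    ("mgarcia", "T7k!pQ2xZm"),  # four character categories
    ("akhan", "akhan"),         # password set to the logon name
    ("lchen", ""),              # no password assigned
    ("bjones", "Xbjones42#"),   # complex, but embeds the logon name
]

def violations(logon, password, min_length=MIN_LENGTH):
    """Return the list of complexity rules that the password fails."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    alnum = string.ascii_letters + string.digits
    categories = sum([
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c not in alnum for c in password),
    ])
    if categories < 3:
        problems.append("fewer than 3 character categories")
    # Simplification: only the logon name is checked, not the full name.
    if logon and logon.lower() in password.lower():
        problems.append("contains logon name")
    return problems

def audit(entries):
    """Map each non-compliant logon name to its failed rules.

    Passwords are never written to the report."""
    report = {}
    for logon, password in entries:
        problems = violations(logon, password)
        if problems:
            report[logon] = problems
    return report

if __name__ == "__main__":
    for logon, problems in audit(SAMPLE).items():
        print(f"{logon}: {', '.join(problems)}")
```

The report contains only logon names and the rules each one fails, so it can be circulated without exposing the generated passwords. The transcribed input itself holds cleartext passwords and should be handled accordingly.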


Keywords : kbenv kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved.