Fine Grained Password Policies

Question

I'm disappointed to see that in ARS 7.2, still, the Generate Password function does not take into account Fine Grained Password Policies. 
 Has anyone else found a way to get around this? I have different departments that need to have different length passwords and our service desk don't like that the auto-generate function then gives the error saying that it doesn't match the complexity requirements (and I agree it's not ideal) 
 Looking at the Script Module "Generate User Password" I can see that it's possible fairly easily to force all generated passwords to a longer lengh, but I need it to either check the Fine-Grained Password Policy applied, or to be able to amend it and say something like - if the user is a member of group XXX, then it needs to be Y characters 
 In PS I'd find this fairly easy, but for some reason Quest still seem to be using VBScripts for this....... 
 Any suggestions or pointers would be very much appreciated.

JohnnyQuest · Accepted Answer

Strictly speaking, there's absolutely nothing preventing you from implementing your own, more sophisticated PoSh-based password generation script that takes into account fine grained password policies. Should Quest ship such a beast with the product? We can debate that all day long but as I say, you aren't going to break anything or "void your warranty" by doing your own. 
 Heck, there's even an AD cmdlet for finding out what they are in your environment: Get-ADFineGrainedPasswordPolicy

Endpoint Privilege Management

Fine Grained Password Policies