1. I don´t like -admins and -admin, can I change it?
Sure. Just edit the scripts and replace the endings with your desired ones.
2. I set the expiration to -1, what will happen?
As mentioned inside the result windows, the account will already be expired. This is the option you can use to force an expiration, instead of waiting for it.
3. Why are you disabling expired accounts?
It is not necessary to disable the account from a security perspective. If it is expired, it can not be used. Disabling the account is only an optical help. The icon of a user in Active Directory Users and Computers (dsa.msc / ADUC) does not change, when the account expires. Disabling makes the expiration more obvious on first view.
4. The passwords look familiar, where do they come from?
I thaught songs and artist could be easily remembered. Combining them with special characters and digits makes the usage much easier than passwords like K8(„xSpwxS!. Feel free to add and change the songs.csv to your favorite music. Any other kind of dictionary is possible.
5. Why are you only using „!“,“+“,“-„,“@“ as special characters?
This is because of the big amount of different languages and keyboard layouts. This 4 special characters are usally well known on the keyboards. Keep it simple. The password is long, it´s complex and it will be only valid for a short period of time. It is secure (enough).
6. Does the Password length meet my Password Policy?
Yes, 12beAdmin reads the length from Default Domain Policy and definies it as the minimum length. It does not consider Password settings objects. You can manually edit the $MinLen inside 12beAdmin.ps1
7. Install RSAT fails with 0x800f0954
Set Policy Computer Configuration\Administrative Templates\System „Specify settings for optional component installation and component repair“ to Enabled and activate/check „Download repair content and optional features directly from Windows Updates instead of Windows Server Updates Services (WSUS)“