In the admin go to the users options and the passwords tab. Set some options such as 5 symbols, 6 digits and 7 uppercase characters.
Try to create a user in the admin or front end with a simple password such as 123456 and you cannot because of the options that you set.
Now in the admin create a new user but do NOT create a password. This should create the user and email the username and password to the user.
Password generated in the email will conform to the settings in the user component options
Random 9 character password
Category | ⇒ | Authentication |
Status | New | ⇒ | Confirmed |
Hmm, maybe we should enable PW reset automagic if we generate a PW as well as generate a 32 char random password?
yes, never noticed this before. But I agree with Brian.
If you set up a password policy in the backend, it must be respected if you choose to automatically generate a password.
It's not so easy to do that because the random passwords are coming in by way of random_bytes() (and appropriate PHP 5 backports). It's somewhat hard to create random strings with certain guidelines when you don't have full control over the randomizing functions.
uhm... and what about disabling the automatic password generator when a different policy for password has been configured?
it never uses the config. it is just a random string.
Long and short, if you've got a password policy enabled, unless you grab a massively large block of data from random_bytes() and keep appending characters to the string until you match policy, it's not viable to use random_bytes() as a password generator that has to be policy aware.
Which means changing how the user record is handled in that case. Do you allow NULL passwords or do you cause form validation errors (which prevents saving) on an empty value?
So long and farewell
Status | Confirmed | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-12-09 15:34:59 |
Closed_By | ⇒ | brianteeman |
I have followed the above steps and am able to reproduce this issue. The auto-generated password is not as per my settings.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11798.
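
One way to generate a password that meets configured minimums like those in the reproduction steps, drawing each character with random_int() (which ships alongside random_bytes() in PHP 7 and the PHP 5 backports). This is an added example, not Joomla code and not posted by anyone in this thread; the function name, the policy keys (`length`, `symbols`, `digits`, `uppercase`) and the character sets are assumptions, and the syntax needs PHP 7.1 or later.

```php
<?php
// Added example, not Joomla code. Policy keys and character sets are assumptions.
function generatePolicyPassword(array $policy): string
{
    $classes = [
        'symbols'   => '!@#$%^&*()-_=+[]{};:,.?',
        'digits'    => '0123456789',
        'uppercase' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        'lowercase' => 'abcdefghijklmnopqrstuvwxyz',
    ];
    $chars = [];

    // 1. Draw the required minimum from each class with the CSPRNG.
    foreach ($classes as $name => $alphabet) {
        $required = (int) ($policy[$name] ?? 0);
        for ($i = 0; $i < $required; $i++) {
            $chars[] = $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
    }

    // 2. Pad to the minimum length from the union of all classes.
    $all    = implode('', $classes);
    $length = max((int) ($policy['length'] ?? 0), count($chars));
    while (count($chars) < $length) {
        $chars[] = $all[random_int(0, strlen($all) - 1)];
    }

    // 3. Fisher-Yates shuffle driven by random_int(), so the position of each
    //    class is unpredictable. shuffle()/str_shuffle() are not CSPRNG-backed.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

// Constructed policy mirroring the reproduction steps above.
$policy   = ['length' => 24, 'symbols' => 5, 'digits' => 6, 'uppercase' => 7];
$password = generatePolicyPassword($policy);

// Check the result the way a policy validator would.
$counts = [
    'symbols'   => preg_match_all('/[^A-Za-z0-9]/', $password),
    'digits'    => preg_match_all('/[0-9]/', $password),
    'uppercase' => preg_match_all('/[A-Z]/', $password),
];
foreach ($counts as $name => $found) {
    printf("%-9s required >= %d, found %d\n", $name, $policy[$name], $found);
}
```

The minimum length always expands to fit the sum of the per-class minimums, so a policy whose class counts exceed its length setting still yields a conforming password.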