{"id":331,"date":"2018-10-26T10:45:35","date_gmt":"2018-10-26T09:45:35","guid":{"rendered":"https:\/\/blog.van-daag.nl\/?p=331"},"modified":"2020-08-04T12:24:13","modified_gmt":"2020-08-04T11:24:13","slug":"ad-send-mail-on-account-lock","status":"publish","type":"post","link":"https:\/\/van-daag.nl\/?p=331","title":{"rendered":"AD Send mail on Account Lock"},"content":{"rendered":"

At a company where I worked, there was no logging with account lock and the had plans to change the GPO that accounts will not be auto unlocked.
So I also added mailing to the admin of that specific OU (Country)<\/p>\n

I found a script from Maxzor1908 on Technet<\/a>
That was the basic. I Added a lot of extra.<\/p>\n\n\n

# Powershell User Account locked out Maxzor1908 *16\/4\/2013* \n# Checked and edit by Daag van der Meer - 03-10-2018\n# blog.van-daag.nl\n#              Email adress needs to be filled in at the admin account.\n \n##################\n## Temp location for creating HTML email\n##################\n$Report= \"c:\\Temp\\Lockedhtml.html\" \n\n##################\n## Log location\n##################\n$log= \"C:\\Logs\\AccountLocked.csv\"\n \n$HTML=@\" \n<title>Account locked out Report<\/title> \n<!--mce:0--> \n\"@ \n \n$Account_Name = @{n='Account name';e={$_.ReplacementStrings[-1]}} \n$Account_domain = @{n='Account Domain';e={$_.ReplacementStrings[-2]}} \n$Caller_Computer_Name = @{n='Caller Computer Name';e={$_.ReplacementStrings[-1]}} \n \n##################\n## Retrieve eventlog with all value\n##################\n\n             \n$event= Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 | \n   Select TimeGenerated,ReplacementStrings,\"Account name\",\"Account Domain\",\"Caller Computer Name\" | \n   % { \n     New-Object PSObject -Property @{ \n      \"Account name\" = $_.ReplacementStrings[-7] \n      \"Account Domain\" = $_.ReplacementStrings[5] \n      \"Caller Computer Name\" = $_.ReplacementStrings[1] \n      Date = $_.TimeGenerated \n    } \n   } \n    \n  $event | ConvertTo-Html -Property \"Account name\",\"Account Domain\",\"Caller Computer Name\",Date -head $HTML -body  \"<H2> User is locked in the Active Directory<\/H2>\"| \n     Out-File $Report -Append \n \n\n##################\n## Retrieve eventlog For filter username\n##################\n\n\n $user= Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 | \n   Select ReplacementStrings | \n   % { \n     New-Object PSObject -Property @{ \n      \"Account name\" = $_.ReplacementStrings[-7] \n      } \n   } \n\n$userrename = $user -replace \".*=\" -replace \"}\"\n$userou = Get-ADUser $userrename -Properties DistinguishedName | Select-Object -ExpandPropert DistinguishedName\n\n##############################\n## Here is the ad Groups configured who can unlock accounts\n#############################\n \n\nif ($userou.Contains('OU=<OU>')) {$mail = \"<AD GROUP>\"}\n\nelseif ($userou.Contains('OU=<OU>')) {$mail = \"<AD GROUP>\"}\n\nelse {$mail = \"<AD GROUP>\" }\n\n$adminmail = Get-ADGroupMember $mail | select samaccountname | %{Get-ADUser $_.samaccountname -Properties mail} | %{write-output \"$($_.mail)\"}\n$mailadmin =  $adminmail -join \",\" -replace \",,\"\n\n##################\n## Mail config admin\n##################\n\n\n$MailBody= Get-Content $Report \n$MailSubject= \"User Account locked out\" \n$SmtpClient = New-Object system.net.mail.smtpClient \n$SmtpClient.host = \"<MAIL SERVER>\" \n$MailMessage = New-Object system.net.mail.mailmessage \n$MailMessage.from = \"<FROM MAIL ADRESS>\" \n$MailMessage.To.add(\"<TO MAIL ADRESS>,$mailadmin\") \n$MailMessage.Subject = $MailSubject \n$MailMessage.IsBodyHtml = 1 \n$MailMessage.Body = $MailBody \n$SmtpClient.Send($MailMessage) \n\n\n##################\n## Remove the temp document\n##################\ndel c:\\Temp\\Lockedhtml.html\n\n##################\n## Write to log about the account lock\n##################\n\n$event | Export-Csv $log -NoTypeInformation -Append<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
At a company where I worked, there was no logging with account lock and the had plans to change the GPO that accounts will not be auto unlocked.So I also added mailing to the admin of that specific OU (Country) I found a script from Maxzor1908 on TechnetThat was the basic. I Added a lot […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[34,11],"tags":[],"class_list":["post-331","post","type-post","status-publish","format-standard","hentry","category-active-directory","category-powershell-script"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/van-daag.nl\/index.php?rest_route=\/wp\/v2\/posts\/331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/van-daag.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/van-daag.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/van-daag.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/van-daag.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=331"}],"version-history":[{"count":3,"href":"https:\/\/van-daag.nl\/index.php?rest_route=\/wp\/v2\/posts\/331\/revisions"}],"predecessor-version":[{"id":416,"href":"https:\/\/van-daag.nl\/index.php?rest_route=\/wp\/v2\/posts\/331\/revisions\/416"}],"wp:attachment":[{"href":"https:\/\/van-daag.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/van-daag.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/van-daag.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}