ADLockoutAlert.ps1
# ADLockoutAlert.ps1, written 2018-06-10 by ngwmddgh
# Feed a ticketing or other email-interfaced system whenever an AD account is locked.
# Future revision should query email address directly rather than infer it from combination of username and domain.
import-module activedirectory
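# Fetch the most recent account-lockout event (ID 4740) from the local Security log.
# NOTE(review): -Newest 1 only ever sees the latest event. If several accounts lock
# out before this script runs, the earlier lockouts are never reported; a task
# triggered per event should pass the event data in rather than re-query the log.
$AccountLockOutEvent = Get-EventLog -LogName "Security" -InstanceID 4740 -Newest 1 -ErrorAction SilentlyContinue
if (-not $AccountLockOutEvent) {
    # Without this guard every field below is $null and an empty alert is mailed.
    Write-Warning "No 4740 (account lockout) event found in the Security log; no alert sent."
    return
}

# ReplacementStrings[0] of a 4740 event is the name of the account that was locked.
$LockedAccount = $AccountLockOutEvent.ReplacementStrings[0]
$AccountLockOutEventTime = $AccountLockOutEvent.TimeGenerated
$AccountLockOutEventMessage = $AccountLockOutEvent.Message

# The display-name lookup is best effort: the alert is still sent when the
# directory query fails (account not found, DC unreachable, insufficient rights).
$ADUserDisplayName = $null
try {
    $ADUserDisplayName = (Get-ADUser $LockedAccount -Properties DisplayName -ErrorAction Stop).DisplayName
}
catch {
    Write-Warning "Could not resolve display name for '$LockedAccount': $($_.Exception.Message)"
}

# Addresses appear redacted in this listing; set them to the ticketing mailbox and sender.
$recipients = "[email protected]"

# NOTE(review): the message is submitted without -UseSsl, so the full event text
# (account names, caller machine) goes to the relay unencrypted unless that path is
# protected some other way. Confirm the relay supports TLS before enabling it.
$mailParams = @{
    From       = "[email protected]"
    To         = $recipients
    Subject    = "Account Locked Out: $LockedAccount"
    Body       = "Account $LockedAccount was locked out on $AccountLockOutEventTime.`n`nEvent Details:`n`n$AccountLockOutEventMessage`n`nUser: $ADUserDisplayName"
    SmtpServer = "smtp.domain.tld"
}
Send-MailMessage @mailParams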