cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

powershell script

Louaialobaidi
Copper Contributor

‎Oct 05 2023 07:06 AM

‎Oct 05 2023 07:06 AM

powershell script

Hi 

 

I need a powershell script that when AD user account is locked out the admin will get a notification email.

 

 

Thank you

314 Views
0 Likes
3 Replies
Reply
3 Replies
somnio0505

‎Oct 05 2023 11:49 PM - edited ‎Oct 05 2023 11:52 PM

‎Oct 05 2023 11:49 PM - edited ‎Oct 05 2023 11:52 PM

Re: powershell script

Hi, Louaialobaidi

How about to using 'Task Scheduler" (taskschd.msc).

New scheduled task

- Trigger : Event ID 4740

- Action : Run powershell script (noti.ps1)

 

eg. noti.ps1 ########################################################################

$SMTPServer = '1.1.1.1' # Your SMTP Server

$Subject = 'Account Lock Notification'

$From = 'noti mail account'

$To = 'admin mail acount'

$Time = (get-date -Format yyyy.mm.dd)

$Body = "Some account locked out at $Time ."

# If you want to show locked accounts, it might be a good idea to proceed another way.

 

Send-MailMessage -From $From -To $To -Subject $Subject -Body $Body -SmtpServer $SMTPServer ########################################################################

 

* Event ID 4740 (https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4740)

 

I did not provide a detailed script, but if you have any questions, please feel free to reply.

0 Likes
Reply
randriksen_

‎Oct 06 2023 02:48 AM

‎Oct 06 2023 02:48 AM

Re: powershell script

 @Louaialobaidi 

 

As @somnio0505 suggests, make a scheduled task triggered on the event

 

and have it run something like this:

$alert = Get-EventLog -LogName security -instanceid 4740 -Newest 1
$body = $alert.message



#Send email with the report
$smtpServer = "yourmailserver"
$smtpPort = 25
#$smtpUsername = "email address removed for privacy reasons"
#$smtpPassword = "your_email_password"
             
$to = "sendto"
$from = "sendrom"
$event = $alert.entrytype
$time = $alert.TimeGenerated
$subject = "$event - $time"
             
$message = New-Object System.Net.Mail.MailMessage $from, $to
$message.Subject = $subject
$message.Body = $body
#$message.IsBodyHtml = $true
             
$smtp = New-Object System.Net.Mail.SmtpClient $smtpServer, $smtpPort
#$smtp.EnableSsl = $true
#$smtp.Credentials = New-Object System.Net.NetworkCredential $smtpUsername, $smtpPassword

$smtp.Send($message)

You'll have to adapt it to your email server and environment, but it should work as long as you get the right event code

 

 

-Ole

2 Likes
Reply
somnio0505

‎Oct 06 2023 03:30 AM

‎Oct 06 2023 03:30 AM

Re: powershell script

@randriksen I missed that way.
Thank you for completing my insufficient answer.
1 Like
Reply