?
Solved

Account lockout report

Posted on 2014-02-10
5
Medium Priority
?
885 Views
Last Modified: 2014-03-28
Is there a good script I can run so the Helpdesk can review reports daily if there are account lockouts.  It would be nice to set this up so they don't have to bother higher support if there is a rogue machine locking the account out.  More specifically 4740 events.  A pdf format would be great as an output and placed on a share.
0
Comment
Question by:mystikal1000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Expert Comment

by:nacAdmin
ID: 39848121
Hello,

Have you looked at the powershell plugins from Quest (Dell)? We use them here to proactively alert users of when their AD password is going to expire, etc. Take a look at them here: http://www.quest.com/powershell/activeroles-server.aspx

I am sure you can use them to create a report as you describe;

HTH,

David
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39848344
You can easily accomplish this using the built-in commands with powershell. Use the following syntax below...
The command below gets all AD users that are disabled in your environment and exports to a CSV file
get-aduser -Filter * -Properties * | ? {$_.Enabled -eq $False} | select displayname, samaccountname, enabled, whenChanged | Export-Csv -NoTypeInformation c:\DisabledUsers.csv

Open in new window


If you want to narrow the search down to each day you can use the below syntax...
$date = get-date
Get-ADUser -Filter * -Properties * | ? {$_.Enabled -eq $false -and $_.whenChanged -eq $date.adddays(-1)} | select displayname, samaccountname, enabled, whenChanged | Export-Csv -NoTypeInformation c:\DisabledUsers1day.csv 

Open in new window


Unfortunately you cannot export to a PDF file so for both examples i have exported to a CSV.

Will.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39848596
You can use below PowerShell script to find out locked out accounts if you have 2008 R2 Domain controller
http://gallery.technet.microsoft.com/scriptcenter/Get-list-of-Active-04059d53

Alternatively you can use 3rd party tools such as Manage Engines
http://www.manageengine.com/products/ad-manager/windows-active-directory-account-lockout-disabled-users-reports.html

Mahesh
0
 
LVL 2

Expert Comment

by:allen_rich
ID: 39849254
To Try the Powershell script for Account Lockout:

$Event=get-eventlog -log security | where {$_.eventID -eq 4740} | Sort-Object index -Descending | select -first 1
$MailBody= $Event.message

$MailSubject= "User Account locked out"
$SmtpClient = New-Object system.net.mail.smtpClient
$SmtpClient.host = "smtp.domain.com"
$MailMessage = New-Object system.net.mail.mailmessage
$MailMessage.from = "AcctLockNotify@domain.com"
$MailMessage.To.add("helpdesk@domain.com")
$MailMessage.IsBodyHtml = 1
$MailMessage.Subject = $MailSubject
$MailMessage.Body = $MailBody
$SmtpClient.Send($MailMessage)
0
 
LVL 1

Author Comment

by:mystikal1000
ID: 39853183
Allen_Rich - Instead of email, is there a way to export this data in a file each day?  I rather not use a 3rd party tool?  Do I have to run this script on all DC's?
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question