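# Name: Email-AccountLockout.ps1
# Author: James Schlackman
# Last Modified: May 18 2017
#
# Automatically emails the appropriate help desk when a user's AD account is locked out.
# Runs on the Domain Controller with the PDC emulator role and triggered by a scheduled task
# attached to event ID 4740 in the Security event log. The task is expected to pass the
# event's TargetUserName (the locked-out sAMAccountName) as -username.
#
# Security notes (review):
#  - $username arrives from event data via the scheduled task, not from an interactive
#    administrator, so it is treated as untrusted: it is escaped before being placed in
#    an LDAP filter and HTML-encoded before being placed in the mail body.
#  - Send-MailMessage is flagged obsolete by Microsoft and, without -UseSsl, talks to the
#    relay in plaintext. It is kept for compatibility with the existing relay; add -UseSsl
#    if smtp.contoso.com supports STARTTLS.
#  - The "anonymous" credential below is not a secret; it is a placeholder that makes the
#    cmdlet send an explicit (anonymous) login instead of the machine account's.
param(
    # sAMAccountName of the locked-out account. Rejecting an empty value avoids building
    # the invalid LDAP filter "(samaccountname=)" and mailing a notification with no name.
    [ValidateNotNullOrEmpty()]
    [string]$username
)

Import-Module ActiveDirectory

# Set up mail sending parameters
$MailRelay   = "smtp.contoso.com"
$Subject     = "AD Account Locked Out: $username"
$FromAddress = "$env:COMPUTERNAME <no-reply@contoso.com>"

# Escape the RFC 4515 LDAP filter metacharacters ('\', '*', '(', ')', NUL) so the value
# cannot change the shape of the filter. Backslash is escaped first so the escapes
# introduced for the other characters are not themselves re-escaped.
$ldapUsername = $username `
    -replace '\\', '\5c' `
    -replace '\*', '\2a' `
    -replace '\(', '\28' `
    -replace '\)', '\29' `
    -replace "`0", '\00'

# Determine which Help Desk queue to send this to, based on the account's Description.
# -LdapFilter returns nothing (no error) when the account is not found; $UserDesc is then
# $null, no branch matches, and the default queue is used.
$UserDesc = (Get-ADUser -LdapFilter "(samaccountname=$ldapUsername)" -Properties "description").Description
if ($UserDesc -match "Campus East") {
    $ToAddress = "easthelpdesk@contoso.com"
} elseif (($UserDesc -match "Campus West") -or ($UserDesc -match "Campus South")) {
    $ToAddress = "southwesthelpdesk@contoso.com"
} else {
    $ToAddress = "helpdesk@contoso.com"
}

# Set up anonymous credentials so Exchange doesn't choke on the server account credentials
$anonUsername    = "anonymous"
$anonPassword    = ConvertTo-SecureString -String "anonymous" -AsPlainText -Force
$anonCredentials = New-Object System.Management.Automation.PSCredential($anonUsername, $anonPassword)

# HTML-encode the values interpolated into the message so a name containing '<' or '&'
# cannot inject markup into the help-desk mail. WebUtility lives in System.dll, so no
# extra assembly load is needed.
$safeUsername = [System.Net.WebUtility]::HtmlEncode($username)
$safeHost     = [System.Net.WebUtility]::HtmlEncode($env:COMPUTERNAME)

# Create the body of the email
$body = @"
<html><head><style>body {font-family: Calibri, sans-serif; font-size: 11pt} p.footer {font-size: 9pt; font-style: italic; color: gray}</style></head><body><p>
The Active Directory account for <strong>$safeUsername</strong> has been locked out after too many failed login attempts.
The affected user will no longer be able to log in to any system that authenticates directly to AD or LDAP until the account is unlocked by an administrator
or until the lockout expires (normally 1 hour after the initial lockout).</p><br>
<p>The event log on $safeHost will have further information: check the Event Viewer under <b>Windows Logs\Security</b> and filter on Event ID <b>4740</b> for more details.</p><br>
<p class="footer">This is a scripted message sent via the Task Scheduler on $safeHost. Do not reply to this message.</p></body></html>
"@

# Send email notification.
# -BodyAsHtml is a switch: the original "-BodyAsHtml $Body" only worked because the
# stray value fell through to the positional -Body parameter. Bind -Body explicitly.
Send-MailMessage -SmtpServer $MailRelay -Subject $Subject -From $FromAddress -To $ToAddress -Body $body -BodyAsHtml -Credential $anonCredentials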