
PowerShell script to email locked out accounts


1. Save the following into a file, e.g. lockedout.ps1

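Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# Pipe each locked-out user to Get-ADUser; passing an array of names to -Identity fails when more than one account is locked
$Locked = Search-ADAccount -LockedOut -UsersOnly | Get-ADUser | Select-Object SamAccountName,Surname,GivenName,DistinguishedName
# Only send mail when at least one account is locked out
If ($Locked)
{
    $Result = $Locked | ConvertTo-Html | Out-String
    Send-MailMessage -To email@me.com.au -From admin@somewhere.net.au -Subject "Currently Locked Out Accounts" -Body $Result -BodyAsHtml -SmtpServer mail.somewhere.net.au
}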

2. Set up a scheduled task to start at 12:00 AM and repeat every 15 minutes for a duration of 1 day.

Use this as the command:

Program/script: "powershell.exe"

Arguments: -noprofile -executionpolicy unrestricted -file "C:\scripts\lockedout.ps1"

You will now get emails when accounts get locked out.

E.g.

SamAccountName   Surname Given Name   DistinguishedName

abcuser   Joe Bloggs   CN=Joe Bloggs, OU=Staff Accounts, DC=company.local
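
Because the task runs every 15 minutes, the script above mails the same accounts again on each run for as long as they stay locked. The variant below is an added example, not part of the original post, that mails only accounts locked since the previous run and includes the lockout time. The state file path is an assumption; the addresses and SMTP server are the post's placeholders.

```powershell
# Added example, not from the original post: alert once per lockout event.
Import-Module ActiveDirectory -ErrorAction Stop

$StateFile = 'C:\scripts\lockedout-state.txt'   # assumed location

# Locked-out users plus the time of the lockout and of the last bad password.
# Key = account name + lockout time, so a later re-lock counts as a new event.
$Locked = @(Search-ADAccount -LockedOut -UsersOnly |
    Get-ADUser -Properties AccountLockoutTime, LastBadPasswordAttempt |
    Select-Object SamAccountName, Surname, GivenName, DistinguishedName,
        AccountLockoutTime, LastBadPasswordAttempt,
        @{ Name = 'Key'; Expression = { '{0}|{1:o}' -f $_.SamAccountName, $_.AccountLockoutTime } })

# Keys already reported by an earlier run (empty on the first run).
$Seen = @()
if (Test-Path -Path $StateFile) { $Seen = @(Get-Content -Path $StateFile) }

$New = @($Locked | Where-Object { $Seen -notcontains $_.Key })

if ($New.Count -gt 0) {
    $Body = $New | Select-Object * -ExcludeProperty Key | ConvertTo-Html | Out-String
    # -ErrorAction Stop: if the mail fails, the state file is not updated,
    # so the same accounts are reported again on the next run.
    Send-MailMessage -To email@me.com.au -From admin@somewhere.net.au `
        -Subject "Newly Locked Out Accounts ($($New.Count))" `
        -Body $Body -BodyAsHtml -SmtpServer mail.somewhere.net.au -ErrorAction Stop
}

# Store only the currently locked keys; unlocked accounts drop out of the state.
[System.IO.File]::WriteAllLines($StateFile, [string[]]@($Locked | ForEach-Object { $_.Key }))
```

The account running the scheduled task needs write access to the folder holding the state file.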

 

 
