Add counter to logfile with locked out users

This topic contains 5 replies, has 3 voices, and was last updated by Tech Gismo 2 years, 6 months ago.

  • #25379

    Tech Gismo
    Participant

    So I have this little line logging users that are locked out. What I would like to add to that file is a counter that just keeps adding to the X number of users getting logged out.
    Then in a week or so, I can see the list of who gets locked out and how many.

    How do I add that to my line?

    Search-ADAccount -LockedOut -UsersOnly -SearchBase "OU=Users,OU=XYZ,DC=XYZ,DC=NET"  | FT Name,SamAccountName,Office -A | Out-File C:\Lockedout.txt
  • #25380

    Tim Pringle
    Participant

    Hey Tech Gismo,

    Thinking off the top of my head here, but what if you used one of the custom AD properties to store the count? That way you've got the data centrally available and you're able to update it quite easily with Set-ADUser. Increment the value by 1 each time you run the script (checking for $null so you can use -Add instead of -Replace).
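
    Tim's idea as a runnable script. This is an added example, not code from Tim or from the thread. It assumes extensionAttribute1 is unused (that attribute exists only when the Exchange schema extensions are installed; substitute another single-valued attribute otherwise) and that the account running the job can write it on the users in scope. Two caveats before choosing this over a file: a reporting job then needs write access to every user object it touches, which is more privilege than reading lockout state requires, and an attribute that ordinary users can read exposes the counts to the whole domain. It also counts every run during which an account was locked, not distinct lockouts.

```powershell
# Added example: Tim's "counter in an AD attribute" idea as a runnable script.
# Assumed: extensionAttribute1 is unused (it exists only when the Exchange schema
# extensions are installed; pick another single-valued attribute otherwise), and
# the account running this has write access to it on the users in scope.
Import-Module ActiveDirectory -ErrorAction Stop

$Attr       = 'extensionAttribute1'             # assumed attribute name
$SearchBase = 'OU=Users,OU=XYZ,DC=XYZ,DC=NET'   # search base from the thread

Search-ADAccount -LockedOut -UsersOnly -SearchBase $SearchBase | ForEach-Object {
    # Search-ADAccount does not return custom attributes; read the current value.
    $user = Get-ADUser -Identity $_.DistinguishedName -Properties $Attr

    # The attribute is a string; anything empty or non-numeric counts as zero.
    $count = 0
    [void][int]::TryParse([string]$user.$Attr, [ref]$count)
    $count++

    # -Replace sets the value whether or not one exists, so no $null check is
    # needed to decide between -Add and -Replace.
    Set-ADUser -Identity $user -Replace @{ $Attr = [string]$count }

    [pscustomobject]@{ SamAccountName = $user.SamAccountName; Lockouts = $count }
}
```

    Run it under the same schedule as the original one-liner; the objects it emits can be piped to Out-File or Export-Csv for the weekly review.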

  • #25385

    Rob Simmers
    Participant

    First, the line you posted won't work. Once you use Format-Table (FT), nothing else is passed to the pipeline. Second, I've never used this command, but is there a date property that has the locked date\time? If there is, I would use that; otherwise you could just append a date. I tried the command and I don't have any accounts locked to play with, so here is a mock-up:

    #Imagine that this is the results from day1 of running Search-ADAccount
    $day1 = @()
    $day1 += New-Object -TypeName PSObject -Property @{Name="Smith, John";SamAccountName="JSmith";Office="Vegas"}
    $day1 += New-Object -TypeName PSObject -Property @{Name="Struthers, Sally";SamAccountName="SStruthers";Office="Colorado"}
    #This is...well obvious
    $day2 = @()
    $day2 += New-Object -TypeName PSObject -Property @{Name="Kemp, Frank";SamAccountName="FKemp";Office="Florida"}
    $day2 += New-Object -TypeName PSObject -Property @{Name="Smith, John";SamAccountName="JSmith";Office="Vegas"}
    $day2 += New-Object -TypeName PSObject -Property @{Name="Johnson, Susan";SamAccountName="SJohnson";Office="Vegas"}
    
    #Create an array of the days to enumerate thru...
    $days = $day1, $day2
    
    #Create a blank array...
    $lockedOutHistory = @()
    
    #See if there is already historical data to append, if there is Import into the script
    if (Test-Path -Path "C:\Temp\LockedOutHistory.xml") {
        $lockedOutHistory += Import-CliXML -Path "C:\Temp\LockedOutHistory.xml"
    }
    
    #Counter to increment days
    $i = 0
    #Mock running through day1 and day2 output and append it to any existing data
    $lockedOutHistory += foreach ($SearchADAccount in $days) {
        #Emulate the search being run and append a Date
        $SearchADAccount | Select Name, Office, SamAccountName, @{Label="Date";Expression={(Get-Date).AddDays($i)}}
        #Increment the day
        $i++
    }
    
    #Save output and overwrite the existing XML file
    $lockedOutHistory | Export-Clixml "C:\Temp\LockedOutHistory.xml"
    

    This creates the following and it is saved to the XML:

    PS C:\Windows\System32\WindowsPowerShell\v1.0> $lockedOutHistory | ft -AutoSize
    
    Name             Office   SamAccountName Date                
    ----             ------   -------------- ----                
    Smith, John      Vegas    JSmith         5/19/2015 8:52:38 AM
    Struthers, Sally Colorado SStruthers     5/19/2015 8:52:38 AM
    Kemp, Frank      Florida  FKemp          5/20/2015 8:52:38 AM
    Smith, John      Vegas    JSmith         5/20/2015 8:52:38 AM
    Johnson, Susan   Vegas    SJohnson       5/20/2015 8:52:38 AM
    

    If this was running daily, you would have a historical record of the dates that users had their accounts locked and could do searches and reporting against it:

    PS C:\Windows\System32\WindowsPowerShell\v1.0> $lockedOutHistory | Group-Object -Property SamAccountName -NoElement | Sort-Object Count
    
    
    Count Name                     
    ----- ----                     
        1 SStruthers               
        1 FKemp                    
        1 SJohnson                 
        2 JSmith                   
    
    
    
    PS C:\Windows\System32\WindowsPowerShell\v1.0> $lockedOutHistory | Where{$_.SamAccountName -eq "JSmith"} | ft -AutoSize
    
    Name        Office SamAccountName Date                
    ----        ------ -------------- ----                
    Smith, John Vegas  JSmith         5/19/2015 8:52:38 AM
    Smith, John Vegas  JSmith         5/20/2015 8:52:38 AM
    

    The actual script would look like:

    #Create a blank array...
    $lockedOutHistory = @()
    
    #See if there is already historical data to append, if there is Import into the script
    if (Test-Path -Path "C:\Temp\LockedOutHistory.xml") {
        $lockedOutHistory += Import-CliXML -Path "C:\Temp\LockedOutHistory.xml"
    }
    
    #Run the command and append to current history
    $lockedOutHistory += Search-ADAccount -LockedOut -UsersOnly -SearchBase "OU=Users,OU=XYZ,DC=XYZ,DC=NET" | Select Name, Office, SamAccountName, @{Label="Date";Expression={(Get-Date)}}
    
    #Save output and overwrite the existing XML file
    $lockedOutHistory | Export-Clixml "C:\Temp\LockedOutHistory.xml"
    

    This would give you historical data on when accounts were locked. If this is a "mission critical" functionality, you should consider putting it in a SQL database that is backed up. You can do as Tim suggested too, but just having a count isn't going to really do anything for you without knowing when they were locked out IMO.

    Anytime you need to see what's going on, you just import the history and can start running commands against it:

    $myHistory = Import-CliXML -Path "C:\Temp\LockedOutHistory.xml"
    

    Using XML will retain the Date\Time data type so you don't have to do any conversions and can do quick reporting.
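
    A version of the daily run above that answers Rob's open question about a lockout timestamp and closes the gap a "counter" has: AD stores the time of the lockout in the lockoutTime attribute, exposed by Get-ADUser as AccountLockoutTime, so each distinct lockout can be recorded once even if the script runs several times while the account stays locked. This is an added example, not Rob's or Tech Gismo's code; the history path is an assumption and the search base is copied from the thread. (For the record, the one-liner in the first post does write a text file, because Out-File accepts the formatting objects Format-Table emits; what it cannot do is pass that data on to other cmdlets.) Two details matter for anyone using this as a detection feed: Search-ADAccount returns a trimmed ADAccount object without Office, Description or AccountLockoutTime, so those have to be fetched per account, and lockouts are forwarded by every DC to the PDC emulator, so querying it gives the authoritative view rather than whichever DC the client picks. A user locked out many times, or many users locked out in one window, is the pattern worth chasing in the resulting history.

```powershell
# Added example (not Rob's or Tech Gismo's code): record each distinct lockout
# once, with the lockout time AD stored, and report counts per user.
# Assumptions: ActiveDirectory module available; history path is a placeholder;
# search base is the one from the thread.
Import-Module ActiveDirectory -ErrorAction Stop

$HistoryPath = 'C:\Temp\LockedOutHistory.xml'   # assumed location
$SearchBase  = 'OU=Users,OU=XYZ,DC=XYZ,DC=NET'   # from the thread; adjust

# Every DC forwards lockouts to the PDC emulator, so ask it for the
# authoritative state instead of a DC that may lag by a replication cycle.
$Pdc = (Get-ADDomain).PDCEmulator

# Search-ADAccount returns a trimmed ADAccount object: no Office, Description
# or AccountLockoutTime. Fetch those per account with Get-ADUser.
$current = foreach ($a in (Search-ADAccount -LockedOut -UsersOnly -SearchBase $SearchBase -Server $Pdc)) {
    $u = Get-ADUser -Identity $a.DistinguishedName -Server $Pdc `
                    -Properties AccountLockoutTime, Description, Office
    [pscustomobject]@{
        SamAccountName     = $u.SamAccountName
        Name               = $u.Name
        Description        = $u.Description
        Office             = $u.Office
        AccountLockoutTime = $u.AccountLockoutTime   # when AD locked it
        Observed           = Get-Date                 # when this run saw it
    }
}

# One lockout event = same user, same lockout timestamp.
function Get-LockoutKey ($Record) {
    $ticks = if ($Record.AccountLockoutTime) { $Record.AccountLockoutTime.Ticks } else { 0 }
    '{0}|{1}' -f $Record.SamAccountName, $ticks
}

# CliXML keeps [datetime] as a real type, so Ticks survives the round trip.
$history = @()
if (Test-Path -LiteralPath $HistoryPath) {
    $history = @(Import-Clixml -LiteralPath $HistoryPath)
}

# Skip records already on file. Without this, an account that stays locked
# across several runs is counted once per run instead of once per lockout.
$seen = @{}
foreach ($h in $history) { $seen[(Get-LockoutKey $h)] = $true }
$new = @($current | Where-Object { -not $seen.ContainsKey((Get-LockoutKey $_)) })

$history += $new
if ($history.Count -gt 0) {
    $history | Export-Clixml -LiteralPath $HistoryPath
}

# Report: distinct lockouts per user over the whole history, busiest first.
$history | Group-Object SamAccountName -NoElement |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
```

    The job only reads from AD, so the account running it needs no write rights on user objects. As with Rob's version, the XML file is the log; if it matters, keep it somewhere backed up and not writable by the users it reports on.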

  • #25390

    Tech Gismo
    Participant

    @ Rob

    It works great, but I can't figure out how to change the headline "Office" to "Description", or better yet, have both fields.

    First things first: the "Office" headline is empty when I import the .XML file; it has the well-known {} under it. Another thing is that if I change "Office" to "Description", the "Office" headline is not getting replaced by "Description".

    Second: you say my one-liner doesn't work? It actually does. I don't think it has read your comment on this matter yet... ;-) I agree it doesn't work as great as your script, but I can open a text file with users who are logged out at the time I run the script.

    @ Tim
    Thanks for the tips.

  • #25393

    Rob Simmers
    Participant

    Again, I've never used the Search-ADAccount cmdlet, so I don't know what it returns. If you run:

    Search-ADAccount -LockedOut -UsersOnly -SearchBase "OU=Users,OU=XYZ,DC=XYZ,DC=NET"  | Select *
    

    What properties are available? If Office and Description are not there, then you have to get them. I would assume SamAccountName is returned, so you would have to do something like:

    Search-ADAccount -LockedOut -UsersOnly -SearchBase "OU=Users,OU=XYZ,DC=XYZ,DC=NET" | Select Name, @{Label="Description";Expression={(Get-ADUser $_.SamAccountName -Properties Description | Select -ExpandProperty Description)}}, SamAccountName, @{Label="Date";Expression={(Get-Date)}}
    
  • #25453

    Tech Gismo
    Participant

    It actually worked 🙂 I just had to delete the originally created .XML file, because the headline "Office" doesn't change and the missing information I was looking for didn't load either, but after I ran the script again I got the info I wanted plus all the extra features your script adds.
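
    Deleting the file throws away the history the thread set out to keep. What happened above is that the records exported before the change have no Description property, and Format-Table builds its column list from the first object it sees, so the new column never shows for the table. The following added example (not code from the thread) upgrades the old records in place instead; the history path and the required column list are assumptions.

```powershell
# Added example (not from the thread): bring old history records up to the new
# shape instead of deleting the file. Assumed: history path and column list.
$HistoryPath = 'C:\Temp\LockedOutHistory.xml'   # assumed location
$Required    = 'Name', 'Description', 'Office', 'SamAccountName', 'Date'

$history = @(Import-Clixml -LiteralPath $HistoryPath)

# Records written before a column existed lack that property entirely. Give every
# record the full property set (null where the value was never collected).
foreach ($r in $history) {
    foreach ($p in $Required) {
        if (-not $r.PSObject.Properties[$p]) {
            $r | Add-Member -NotePropertyName $p -NotePropertyValue $null
        }
    }
}

$history | Export-Clixml -LiteralPath $HistoryPath

# Name the columns explicitly so the display no longer depends on which record
# happens to come first.
$history | Format-Table $Required -AutoSize
```

    Run it once after changing the Select list in the daily script; from then on every record has the same shape and the older lockouts stay in the report.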
