Email notification from account lockout.

This topic contains 4 replies, has 2 voices, and was last updated by Brent Laise 3 years, 10 months ago.

  • #9964
    Brent Laise
    Participant

    Hello all
    Was wondering if anyone can help me out. Looking to set up a second email notification on a script to a different email address. The second message is getting sent to the affected user. The first message gets sent to our helpdesk ticketing software.

    Here is the code

    import-module activedirectory
    $Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1
    $Usr = $Event.Message -split [char]13
    # [#] is the line number in the output
    $Usr = $Usr[10]
    # (#) is the substring of that line
    $Usr = $Usr.substring(17)
    $Usr2 = Get-ADUser $Usr | Select-Object -ExpandProperty name
    $OU = Get-ADUser $Usr -Properties distinguishedname,cn | select @{n='AD OU: ';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}}
    $Email = Get-ADUser $Usr -Properties mail
    $TelephoneNumber = Get-ADUser $Usr -Properties telephoneNumber | Select-Object -ExpandProperty telephoneNumber
    
    #send lockout notification to helpdesk ticketing system.
    $MailBody= $Event.Message + "`r`n`t" + $Event.TimeGenerated + "`r`n`t" + $OU + "`r`n`t" + $Email.mail + "`r`n`t" + "Direct: $TelephoneNumber" + "`r`n`t" + "`r`n`t" + "*ATTENTION* Do not automatically unlock the user's account, please follow up with them first"
    $MailSubject= "User Account Locked Out: " + $Usr2
    $SmtpClient = New-Object system.net.mail.smtpClient
    $SmtpClient.host = "newport.wesley.int"
    $MailMessage = New-Object system.net.mail.mailmessage
    $MailMessage.from = "AcctLockNotify@wesley.edu"
    $MailMessage.To.add("helpdesk@wesley.edu")
    $MailMessage.IsBodyHtml = 0
    $MailMessage.Subject = $MailSubject
    $MailMessage.Body = $MailBody
    $SmtpClient.Send($MailMessage)
    
    #send message to the locked out users
    $SmtpClient = New-Object system.net.mail.smtpClient
    $SmtpClient.host = "newport.wesley.int"
    $MailMessage.from = "AcctLockNotify@wesley.edu"
    $MailMessage.To.add("$email.mail")
    $MailMessage.Body = "$Usr2  Your wesley logon has been locked out. Please contact the IT DepT (302)736-4199, or come to the IT Dept. office to have your Wesley Account unlocked."
    $SmtpClient.Send($MailMessage)
    

    I don't know if I'm missing something.

    Thanks.
    Brent.

  • #9965
    Don Jones
    Keymaster

    Well... since we obviously can't test this in your environment, what do you *think* you're missing? Is this not working?

    (and, out of curiosity, if someone's account is locked out, how will they receive that e-mail message?)

  • #9966
    Brent Laise
    Participant

    The issue is the second email is getting sent to the first recipient, not the affected user.
    So we are getting 2 tickets generated. (first email to ticket system / 2 email to user)
    The user will get the email because their email address is housed off site (Office365). They use their AD accounts for wifi access and local lab PC logon.

    Sorry for the lack of info.

  • #9968
    Don Jones
    Keymaster

    That's because you aren't creating a new $MailMessage for the second message. You're using the old one, and adding a second recipient to it.
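
The point made in the reply above, as an added example that is not part of the original thread: `To` is a collection, so `To.Add()` on a reused `MailMessage` appends a recipient, while a new object per audience keeps helpdesk and user mail apart. The function name, addresses and SMTP host are constructed placeholders.

```powershell
# Added example (not from the thread). Addresses and host are constructed placeholders.
function New-NoticeMessage {
    param(
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string]$To,
        [Parameter(Mandatory)][string]$Subject,
        [Parameter(Mandatory)][string]$Body
    )
    # Every call returns a new object, so its To collection starts out empty.
    $msg = New-Object System.Net.Mail.MailMessage
    $msg.From       = $From
    $msg.To.Add($To)
    $msg.Subject    = $Subject
    $msg.Body       = $Body
    $msg.IsBodyHtml = $false
    $msg
}

$from  = 'lockout-notify@example.invalid'
# Constructed stand-in for: $Email = Get-ADUser $Usr -Properties mail
$Email = [pscustomobject]@{ mail = 'jdoe@example.invalid' }

# What the first script does: one object, second recipient appended to it.
$reused = New-NoticeMessage -From $from -To 'helpdesk@example.invalid' `
    -Subject 'User Account Locked Out: jdoe' -Body 'details for helpdesk'
$reused.To.Add($Email.mail)
$reused.Body = 'notice for the user'
"Reused message recipients: $($reused.To)"   # helpdesk is still on the To line

# One object per audience: helpdesk details never travel with the user notice.
$helpdeskMsg = New-NoticeMessage -From $from -To 'helpdesk@example.invalid' `
    -Subject 'User Account Locked Out: jdoe' -Body 'details for helpdesk'
$userMsg = New-NoticeMessage -From $from -To $Email.mail `
    -Subject 'Account locked out' -Body 'notice for the user'

# "$Email.mail" inside double quotes expands $Email and then appends the text
# ".mail"; pass $Email.mail directly, or write "$($Email.mail)".

$smtp = New-Object System.Net.Mail.SmtpClient 'smtp.example.invalid'
foreach ($m in $helpdeskMsg, $userMsg) {
    try     { $smtp.Send($m) }
    catch   { Write-Warning "Send to $($m.To) failed: $($_.Exception.Message)" }
    finally { $m.Dispose() }
}
```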

  • #10113
    Brent Laise
    Participant

    Hey Don, sorry for the delay in response from your reply.
    After trying to create a new $mailmessage for the second recipient and failing, I went a different route.

    Here is the code
    #gathering information about the user getting locked out.
    $Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1
    $Usr = $Event.Message -split [char]13
    # [#] is the line number in the output
    $Usr = $Usr[10]
    # (#) is the substring of that line
    $Usr = $Usr.substring(17)
    $Usr2 = Get-ADUser $Usr | Select-Object -ExpandProperty name
    $OU = Get-ADUser $Usr -Properties distinguishedname,cn | select @{n='AD OU: ';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}}

    #Creating Variables for the sending out email.
    $UsersEmail = Get-ADUser $Usr -Properties mail | select -ExpandProperty mail
    $OfficePhone = Get-ADUser $Usr -Properties officephone | Select-Object officephone
    $MailBody = $Event.Message + "`r`n`t" + $Event.TimeGenerated + "`r`n`t" + $OU + "`r`n`t" + $Email.mail + "`r`n`t" + "Direct: $TelephoneNumber" + "`r`n`t" + "`r`n`t" + "*ATTENTION* Do not automatically unlock the user's account, please follow up with them first"
    $MailSubject = "User Account Locked Out: " + $Usr2
    $MailServer = "newport.wesley.int"
    $MailSender = "AcctLockNotify@wesley.edu"
    $MailHelpdesk = "helpdesk@wesley.edu"

    #sending the email to the Helpdesk ticket system.
    Send-MailMessage -From $MailSender -Body $MailBody -Subject $MailSubject -To $MailHelpdesk -SmtpServer $MailServer

    #this is a test out-file to verify that the script was working past the first send email portion of the script.

    $test = "$usr"
    $test | Out-File "c:\$usr.txt"

    #setting variables for message to affected user.
    $UserSubject = "Wesley College Account Locked Out."
    $ToUserBody = "$Usr2 Your Wesley WiFi & PC logon account has been locked out. Please contact the IT Department at (302) 736-4199, or come to the IT Department to have your Wesley account unlocked."

    #Sending email to affected user.
    Send-MailMessage -From $MailSender -Body $ToUserBody -To $UsersEmail -Subject $UserSubject -SmtpServer $MailServer

    If you notice, I added a test portion to this script. I create a variable $test and add the user's name to it, then I out-file that to verify that the script gets past the first send-mailmessage.
    There was no file created, so that tells me that the script ends after the first send-mailmessage.

    There were other tests that I have done to verify that the user can still get emails once they're locked out.
    Once the user is locked out, I would simply create a quick send-mailmessage using the meta-data that would be gathered from the main script.
    The email does get to the user's in-box.

    So then I tested sending 2 send-mailmessages to 2 different users in the same script.
    Basically the script was this.
    $usr1 = 'firstemail@email.bla'
    $usr2 = 'secondemail@email.bla'
    $mailbody = 'test body msg'
    $MailSubject = 'test emails'
    $MailServer = 'newport.wesley.int'
    $MailSender = 'AcctLockNotify@wesley.edu'

    Send-MailMessage -To $usr1 -from $mailsender -Subject $mailsubject -Body $mailbody -SmtpServer $PSEmailServer
    write-host "sent first email"
    Write-Host " sending second email"
    Send-MailMessage -To $usr2 -from $mailsender -Subject $mailsubject -Body $mailbody -SmtpServer $PSEmailServer
    Write-Host " sent second email"

    This test worked.

    So this is where I stand.
    Thanks for the help so far.
    Brent.
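
The last post reports that the script stops after the first Send-MailMessage with no visible error; the added example below (not Brent's code) makes each send log its own failure, takes the account name from the event's ReplacementStrings instead of line and substring offsets, and turns on strict mode, which would flag that the second script's $MailBody still reads $Email.mail and $TelephoneNumber without assigning them. Function names, addresses, the SMTP host and the sample event and user objects are constructed placeholders.

```powershell
# Added example, not code from the thread; addresses, host and sample data are constructed.
Set-StrictMode -Version Latest   # referencing a variable that was never set becomes an error

function Get-LockoutTarget {
    # Event 4740 carries its fields in ReplacementStrings: [0] is the locked-out
    # account, [1] the caller computer. No line or substring offsets are needed.
    param([Parameter(Mandatory)]$LogEntry)
    [pscustomobject]@{
        SamAccountName = $LogEntry.ReplacementStrings[0]
        CallerComputer = $LogEntry.ReplacementStrings[1]
        Time           = $LogEntry.TimeGenerated
    }
}

function Send-Notice {
    # Sends one message and returns $true/$false; skips and failures go to a log.
    param([Parameter(Mandatory)][hashtable]$Mail, [Parameter(Mandatory)][string]$LogPath)
    $stamp = Get-Date -Format o
    if ([string]::IsNullOrWhiteSpace($Mail['To'])) {
        Add-Content -Path $LogPath -Value "$stamp SKIP no recipient for '$($Mail['Subject'])'"
        return $false
    }
    try {
        Send-MailMessage @Mail -ErrorAction Stop
        return $true
    } catch {
        Add-Content -Path $LogPath -Value "$stamp FAIL to=$($Mail['To']) $($_.Exception.Message)"
        return $false
    }
}

# Constructed stand-ins for Get-EventLog ... -InstanceId 4740 -Newest 1 and Get-ADUser.
$entry  = [pscustomobject]@{ ReplacementStrings = @('jdoe', 'LAB-PC-01'); TimeGenerated = Get-Date }
$adUser = [pscustomobject]@{ Name = 'Jane Doe'; mail = $null }   # account with no mail attribute
$target = Get-LockoutTarget -LogEntry $entry
$log    = Join-Path ([System.IO.Path]::GetTempPath()) 'lockout-notify.log'
$common = @{ From = 'lockout-notify@example.invalid'; SmtpServer = 'smtp.example.invalid' }

$helpdesk = $common + @{
    To      = 'helpdesk@example.invalid'
    Subject = "User Account Locked Out: $($adUser.Name)"
    Body    = "$($target.SamAccountName) locked out from $($target.CallerComputer) at $($target.Time)"
}
$user = $common + @{ To = $adUser.mail; Subject = 'Account locked out'; Body = 'Please contact the IT Department.' }

# Each send is independent: a failure in one is logged and the next still runs.
$results = foreach ($m in $helpdesk, $user) { Send-Notice -Mail $m -LogPath $log }
"helpdesk sent: $($results[0]); user sent: $($results[1]); log: $log"
```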
