locked users and location of lockedout only for specific OU

[Sta_Pol41 Participant Topics: 1 Replies: 3 Points: 3Rank: Member]

HI,

somebody have a working script for this purpose?

i have a working script that searching for locked users in <u>specific OU</u>, exports this to csv and sending mail…

need to know the location where this users are locked…

something like this, but only for specific OU or only for users (samaccounts) from csv:

User LockoutTimeStamp LockoutSource

User 27/04/2020 9:07:42 OFK-NAS

thank you

[Olaf Participant Topics: 10 Replies: 2480 Points: 6,537Rank: Community MVP]

Sta_Pol41 wrote:

need to know the location where this users are locked…

You will need to query every sinlge DC’s eventlog for that information.

[Sta_Pol41 Participant Topics: 1 Replies: 3 Points: 3Rank: Member]

Olaf wrote:

Sta_Pol41 wrote:

need to know the location where this users are locked…

You will need to query every sinlge DC’s eventlog for that information.

even if only one dc have a pdcemulator?

and how i can do it?

10x

[Rob Simmers Participant Topics: 17 Replies: 1956 Points: 4,010Rank: Community Hero]

Have you searched? This is covered many many times…

Use PowerShell to Find the Location of a Locked-Out User

[Sta_Pol41 Participant Topics: 1 Replies: 3 Points: 3Rank: Member]

Rob Simmers wrote:

Have you searched? This is covered many many times…

Use PowerShell to Find the Location of a Locked-Out User

<iframe class=”wp-embedded-content” title=”“Use PowerShell to Find the Location of a Locked-Out User” — Scripting Blog” src=”https://devblogs.microsoft.com/scripting/use-powershell-to-find-the-location-of-a-locked-out-user/embed/#?secret=s4gDyQldcC&#8221; width=”600″ height=”325″ frameborder=”0″ marginwidth=”0″ marginheight=”0″ scrolling=”no” sandbox=”allow-scripts” data-secret=”s4gDyQldcC” data-mce-fragment=”1″></iframe>

been in this page a lot of times … believe me i am searched…

i cant see in this page working example for specific OU, not all domain

 

[Rob Simmers Participant Topics: 17 Replies: 1956 Points: 4,010Rank: Community Hero]

Finding a script that fits exactly what you want is more luck than probable. Get-ADUser has a parameter to limit the scope to an OU, you just need to update the command to return what you want:

-SearchBase
Specifies an Active Directory path to search under.

When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.

When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.

When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.

When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.

[Sta_Pol41]

Ok, can you help me with this code? what i do wrong …?  its works , but with 2 problems

1.  its not realy checks only users from one OU, a see all the locked users from domain

2. export command exporting to csv only one user, in ps terminal i see a lot of users, but in mail and in csv exported file only one

$UserInfo = Search-ADAccount -LockedOut -SearchBase “OU=Users,OU=HERUM,DC=Domain,DC=GOV” -SearchScope Subtree
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName=’Security’;Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
#Parse and filter out lockout events
Foreach($Event in $LockedOutEvents)
{
If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
{

$Event | Select-Object -Property @(
@{Label = ‘User’; Expression = {$_.Properties[0].Value}}
# @{Label = ‘DomainController’; Expression = {$_.MachineName}}
# @{Label = ‘EventId’; Expression = {$_.Id}}
@{Label = ‘LockTime’; Expression = {$_.TimeCreated}}
@{Label = ‘Message’; Expression = {$_.Message -split “r” | Select -First 1}}
@{Label = ‘LockLocation’; Expression = {$_.Properties[1].Value}}
)| export-csv -path C:\pslocked\locked.csv

}}

if((Get-Content “C:\pslocked\locked.csv”) | %{$_ -match $UserInfo})

{
$Header = @”
<style>
TABLE {border-width: 1px; border-style: solid; border-color: black; border-collapse: collapse;}
TH {border-width: 1px; padding: 3px; border-style: solid; border-color: black; background-color: #6495ED;}
TD {border-width: 1px; padding: 3px; border-style: solid; border-color: black;}
</style>
“@

$user = (Import-Csv C:\pslocked\locked.csv | ConvertTo-Html -Property User, Message, LockLocation, LockTime -Head $Header)
$mailBody =
@”
<center><b>
$user
$LockoutTimeStamp
$LockoutSource
</b></center>
“@
Send-MailMessage -Body $mailBody -BodyAsHtml
-From ‘Admin <[email protected]>’ -To ‘admin1 <[email protected]>’, ‘admin2<[email protected]>’ -Subject “locked users” -Encoding $([System.Text.Encoding]::UTF8) -Priority High -DeliveryNotificationOption OnSuccess, OnFailure -SmtpServer mailserver.com

}

else{
scriptbock
}

• This reply was modified 9 months ago by Sta_Pol41.
• This reply was modified 9 months ago by Sta_Pol41.
• This reply was modified 9 months ago by Sta_Pol41.
• This reply was modified 9 months ago by Sta_Pol41.

[Author]

Posts