NS News & Views

By Clive Norman

Locked out user email notification

Tags: DevOps, PowerShell, SysAdmin, QuickTip

It recently occurred to me that, whilst my current full-time position is IT Systems Manager, the majority of my blog posts thus far have been more web-centric – which is great, as I love the web and web technologies!

However, I felt in the interest of balance, I should introduce a few more tips and tricks that we use on a regular basis, in a more ‘operations’ capacity.

This post is a QuickTip, in the sense that it won’t digress into inner details or the whys and wherefores; it is designed to be quickly referenced.


Problem

You have a Network Password Policy in place – you would like to be notified (preferably by email) when an account is locked out.

Solution

In truth, there are numerous solutions on the internet about how to implement this functionality - this post is just how we do it.

Place a copy of the below PowerShell script in an appropriate folder on your Domain Controller (configure relevant email variables in the script, accordingly).

########################################################################
# Please configure the following variables - $smtpServer and $from
# Leave the $event and $body variables as they are
$smtpServer = "YOUR SMTP SERVER"
$from = "SET FROM EMAIL ADDRESS"
# Most recent account-lockout event (ID 4740) in the Security log
$event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1
# Event message text, followed by the time the event was generated
$body = $event.Message + "`r`n`t" + $event.TimeGenerated
########################################################################

# The notification is sent to the same address it is sent from
Send-MailMessage -SmtpServer $smtpServer -From $from -To $from -Subject "Account Lockout" -Body $body -Priority High

Schedule a task on your Domain Controller, to trigger whenever the event log receives a Security Log Event 4740.

Set the task scheduler action to Start a Program (path to the local PowerShell executable).

Pass in the PowerShell script as an optional argument using the -file switch.

(example: -file "\LockOutNotification.ps1")
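
The same procedure as a single script, as an added example (not the script from this post): run with -Register it creates the event-triggered task, and run by the task it pulls the locked-out account and caller computer from the 4740 event into the email subject. The script path, the task name and the use of the SYSTEM account are assumptions.

```powershell
# Added example, not the original script. Assumed: script path, task name, SYSTEM account.
param([switch]$Register)

$scriptPath = 'C:\Scripts\LockOutNotification.ps1'   # assumed location (no spaces in path)
$smtpServer = 'YOUR SMTP SERVER'
$from       = 'SET FROM EMAIL ADDRESS'

if ($Register) {
    # Run once from an elevated prompt: task fires on Security log event 4740.
    # It runs as SYSTEM (assumption), so keep the script folder writable by admins only.
    schtasks.exe /Create /TN 'LockOutNotification' /RU SYSTEM `
        /SC ONEVENT /EC Security /MO '*[System[(EventID=4740)]]' `
        /TR "powershell.exe -NoProfile -File $scriptPath"
    return
}

# Newest 4740 event; stop quietly if none can be read rather than mailing an empty body.
$lockout = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue
if (-not $lockout) { return }

# Read the named EventData fields from the event XML instead of parsing the message text.
$data = @{}
foreach ($d in ([xml]$lockout.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

$account = $data['TargetUserName']     # the locked-out account
$caller  = $data['TargetDomainName']   # in event 4740 this field holds the caller computer name

$subject = "Account Lockout: $account (from $caller)"
$body    = $lockout.Message + "`r`n`t" + $lockout.TimeCreated
Send-MailMessage -SmtpServer $smtpServer -From $from -To $from -Subject $subject -Body $body -Priority High
```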


That’s it!

You should now receive an email notification each time a user account is locked out.

(please note: as mentioned previously in this article, there are numerous posts on the internet about how to perform this functionality, and I would not wish to claim any form of unique authorship of the procedure – this is just the method that we have implemented at St Mary’s Shaftesbury)