Photo Gallery Member List Search Calendars FAQ Ticket List Log Out


Account lockout in AD

  		Logged in as: Guest
arrSession:exec spGetSession 2,2,61572
Active Users: There are 0 members and 0 guests.
Users viewing this topic: none
 

 

  
 
  Printable Version
All Forums >> [Scripting] >> WSH & Client Side VBScript >> Account lockout in AD
  Do you like VisualBasicScript.com? Link to us and help spread the word about our forum. Thanks! 		Page: [1]
Login
Message << Older Topic   Newer Topic >>
Account lockout in AD - 6/18/2008 4:07:16 AM   
  elzy1974

 

Posts: 3
Score: 0
Joined: 6/18/2008
Status: offline 		Does anyone know how to write a script that will notify me in some form when a user account gets locked out in Active Directory? I am new to VBS scripting.

Here is the tree to our users path:

Active Directory Users and Computers [NGILA1DCIM00.il.ng.ds.army.mil]
   il.ng.ds.army.mil
        IL
             Users
                  Ellsworth, Keith A




I figured out how to unlock accounts, but I want to be notified if when they get locked.
Here is what I have for unlocking accounts:

Set objUser = GetObject _
   ("LDAP://CN=Ellsworth\, Keith A,OU=Users,OU=IL,DC=il,DC=ng,DC=ds,DC=army,DC=mil")
objUser.IsAccountLocked = False
objUser.SetInfo


Except this script only does a particular user.


< Message edited by elzy1974 -- 6/20/2008 6:27:07 AM >
 
 
Post #: 1
 
RE: Account lockout in AD - 7/13/2008 12:17:18 AM   
  TomRiddle


Posts: 190
Score: 4
Joined: 2/7/2008
Status: offline 		http://visualbasicscript.com/m_58499/tm.htm

This is what I wrote to find locked out accounts, A problem is that the lockout event is logged by only one domain controller. So this script locates all domain controllers and then scans their event logs for eventID 539, note 529 does not work that well. If you leave the userid filter clear, it will search on all userids, note this may take some time especially on a big mil domain.

But something like this tweaked for your purpose.
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/monitoring/eventlogs/


      

Try Pointing it at each domain controller changing it to read EventId 539

(in reply to elzy1974)
 
 
Post #: 2
 
RE: Account lockout in AD - 7/13/2008 2:19:09 AM   
  dm_4ever


Posts: 2664
Score: 46
Joined: 6/29/2006
From: Orange County, California
Status: offline 		Do you guys use Microsoft's MOM or SCOM ? This would really be a better tool to use to monitor for this type of thing.

_____________________________

dm_4ever

My philosophy: K.I.S.S - Keep It Simple Stupid
Read Me: http://www.visualbasicscript.com/m_24727/tm.htm
Frequently Asked Stuff: http://www.visualbasicscript.com/m_47117/tm.htm

(in reply to elzy1974)
 
 
Post #: 3
 
RE: Account lockout in AD - 7/13/2008 10:51:43 AM   
  TomRiddle


Posts: 190
Score: 4
Joined: 2/7/2008
Status: offline 		That would be nice, but no MOM yet.

(in reply to dm_4ever)
 
 
Post #: 4
 
 
 
 

If you found our site useful please link to us <a href="http://www.visualbasicscript.com">VisualBasicScript.com</a>.
All Forums >> [Scripting] >> WSH & Client Side VBScript >> Account lockout in AD Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.5.5 ANSI