Mar 21, 2014

Powershell Script To Email Alerts When A Domain Account Gets Locked Out

At my previous company we had a script that would get triggered on a domain controller if an Active Directory account got locked out because of too many login attempts. It was really helpful in being proactive when someone got locked out.

I decided my current company needed something like that too, and I found a really easy Powershell script that did the trick. You can download that script here (AD Lockout Alert Script) then do the following on your domain controller to send out the alerts:

  • Open PowerShell on your domain controller and run the following to allow the execution of scripts: Set-ExecutionPolicy RemoteSigned
  • Save the Alert Script to c:\lockouts
  • Modify the To, From and SMTP server information in the script for your environment and save it.
  • In Task Scheduler, create a new basic task and use "When Specific Event is Logged" as the trigger.
  • Use the following settings for the trigger:

    Log: Security
    Source: Microsoft Windows security auditing
    Event ID: 4740
  • Select "Start a Program" for the action and use the following settings:

    Program/Script: powershell.exe
    Add arguments: -nologo -File "C:\lockouts\Lockoutalert.ps1"
  • When you have finished setting this up, set the task to run as SYSTEM.
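For readers who want to see what the alert script does step by step, here is a worked example written for this post. It is not the linked AD Lockout Alert Script (whose contents are not shown here) but a stand-alone script that does the same job: it reads the newest 4740 event with Get-WinEvent, pulls the locked-out account and the caller computer name out of the event XML, appends a line to a local log in c:\lockouts, and mails the details with Send-MailMessage. The To, From, SmtpServer and log path values are placeholders you change for your environment, and the SMTP server is assumed to accept mail from the domain controller without authentication. Two things to confirm before relying on it: 4740 is only written when the "Audit User Account Management" subcategory is enabled, and every lockout in the domain is recorded on the PDC emulator, so that is the DC where the scheduled task belongs.

```powershell
# Lockoutalert.ps1 (example written for this post; assumed placeholder values below)
param(
    [string]$To         = "helpdesk@example.com",        # assumed: alert recipient
    [string]$From       = "lockout-alerts@example.com",  # assumed: sender address
    [string]$SmtpServer = "smtp.example.com",            # assumed: relay that accepts mail from the DC
    [string]$LogPath    = "C:\lockouts\lockouts.log"     # assumed: local record of alerts sent
)

# Fetch the most recent "A user account was locked out" event (4740) from the Security log.
# FilterHashtable is much faster than filtering Get-EventLog output and works on 2008 R2 and later.
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -MaxEvents 1 -ErrorAction Stop

# 4740 stores the locked-out account in the EventData field TargetUserName and the machine
# that sent the bad passwords in TargetDomainName (shown as "Caller Computer Name" in Event Viewer).
$xml  = [xml]$evt.ToXml()
$data = @{}
foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

$user   = $data['TargetUserName']
$caller = $data['TargetDomainName']
$dc     = $evt.MachineName
$when   = $evt.TimeCreated

$subject = "AD lockout: $user"
$body = @"
Account locked out:   $user
Locked out at:        $when
Caller computer name: $caller
Reported by DC:       $dc

Full event text:
$($evt.Message)
"@

# Keep a local tab-separated record so you still have a trail if the mail relay is down.
Add-Content -Path $LogPath -Value ("{0}`t{1}`t{2}`t{3}" -f $when, $user, $caller, $dc)

Send-MailMessage -To $To -From $From -SmtpServer $SmtpServer -Subject $subject -Body $body
```

The caller computer name is the field to look at first when triaging an alert: a lockout coming from one workstation is usually a stale saved password or a mapped drive, while the same account locking out from many machines, or from a server the user never logs on to, is what you want to investigate.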
That's it! From now on, whenever any user account in your domain gets locked out, the address you put in the script's To field will receive an alert. I recommend testing it with a test account.

Do you use a similar method for lockout alerts in your company? Do you do it differently? If so, let us know in the comments!

[Via SW]
