Blogs Created by Daag van der Meer

Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

I Found this website very usefull and searched long for this.

Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

If you are running Microsoft Windows in a domain environment with WSUS configured, you may notice that you’re not able to install some FODs (Features on Demand), or use the “Turn Windows features on or off”. This will stop you from installing things like the RSAT tools, .NET Framework, Language Speech packs, etc…

You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” when running DISM to install packages.

To resolve this, you need to modify your domain’s group policy settings to allow your workstations to query Windows Update servers for additional content. The workstations will still use your WSUS server for approvals, downloads, and updates, however in the event content is not found, it will query Windows Update.

Enable download of “Optional features” directly from Windows Update

Open the group policy editor on your domain
Create a new GPO, or modify an existing one. Make sure it applies to the computers you’d like
Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.
Double click or open “Specify settings for optional component installation and component repair”
Make sure “Never attempt to download payload from Windows Update” is NOT checked
Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.
Wait for your GPO to update, or run “gpupdate /force” on the workstations.

Please see an example of the configuration below:

Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)

You should now be able to download/install RSAT, .NET, Speech language packs, and more!

Install Fonts with Powershell

$ssfFonts = 0x14

$fontSourceFolder = "<span>"

$Shell = New-Object -ComObject Shell.Application

$SystemFontsFolder = $Shell.Namespace($ssfFonts)

$FontFiles = Get-ChildItem $fontSourceFolder

$SystemFontsPath = $SystemFontsFolder.Self.Path

$rebootFlag = $false

 

foreach($FontFile in $FontFiles) {

    # $FontFile will be copied to this path:

    $targetPath = Join-Path $SystemFontsPath $FontFile.Name

    # So, see if target exists...

    if(Test-Path $targetPath){

        # font file with the same name already there.

        # delete and replace.

        $rebootFlag = $true

        Remove-Item $targetPath -Force

        Copy-Item $FontFile.FullName $targetPath -Force

    }else{

        #install the font.

        $SystemFontsFolder.CopyHere($FontFile.fullname)

    }

}

 

#Follow-up message

if($rebootFlag){

    Write-Host "At least one existing font overwritten. A reboot may be necessary."

}</span>

$ssfFonts = 0x14

$fontSourceFolder = "<span>"

$Shell = New-Object -ComObject Shell.Application

$SystemFontsFolder = $Shell.Namespace($ssfFonts)

$FontFiles = Get-ChildItem $fontSourceFolder

$SystemFontsPath = $SystemFontsFolder.Self.Path

$rebootFlag = $false

foreach($FontFile in $FontFiles) {

# $FontFile will be copied to this path:

$targetPath = Join-Path $SystemFontsPath $FontFile.Name

# So, see if target exists...

if(Test-Path $targetPath){

# font file with the same name already there.

# delete and replace.

$rebootFlag = $true

Remove-Item $targetPath -Force

Copy-Item $FontFile.FullName $targetPath -Force

}else{

#install the font.

$SystemFontsFolder.CopyHere($FontFile.fullname)

}

#Follow-up message

if($rebootFlag){

Write-Host "At least one existing font overwritten. A reboot may be necessary."

}</span>

Fix Domoticz DB

The FIX::

You need to have sqlite3 installed on your Pi

CODE: SELECT ALL

sudo apt-get install sqlite3

1	sudo apt-get install sqlite3

If you have it you can do the following commands:

CODE: SELECT ALL

cd ~
cd domoticz
sqlite3 domoticz.db
.mode insert
.output dump.sql
.dump
.exit

cd ~

cd domoticz

sqlite3 domoticz.db

.mode insert

.output dump.sql

.dump

.exit

Remove first line of dumped database:
tail dump.sql -n +2 > dump1.sql
# Make back-up of original just in case:
mv domoticz.db domoticz.bak.db
# Import into fresh database:
sqlite3 domoticz.db < dump1.sql
# Clean-up the temporary files:
rm dump*.sql

https://www.domoticz.com/forum/viewtopic.php?t=10984

Domoticz Cisco Port on / of switch

Script is created by Johan ven Boomgaard.

#!/bin/bash
# Set-cisco-port.sh
# ==============
# |Author: JvdB|
# ==============
# 
# Find,disable,enable port using SNMP at Cisco switch#
# 
# Usage: cd <directory> ./Set-cisco-port.sh <switch ip-address> <description> <action>
# Example: cd <directory> ./Set-cisco-port.sh 192.168.2.250 Test-pc e 
#
# Where:
# - 1st parameter is switch IP address
# - 2nd is Description of NIC/Device
# - 3rd is operation(e - enable port when find description at port, d -disable port when find description at port)
#
# =======================================
# Start script with setting the variables
# =======================================
#
switch_ip=$1;
desc=$(echo $2 | sed 's/://g');
community="private";
operation=$3;
#
2970_get_port(){
# Check for description at port
for i in `snmpwalk -On -v2c -c $community@1 192.168.2.250 .1.3.6.1.4.1.9.9.46.1.3.1.1.2  | sed 's/.1.3.6.1.4.1.9.9.46.1.3.1.1.2.1.//g'  | awk '{print $1}'`; do
        find_mac=`snmpwalk -On -v2c -c  $community@$i 192.168.2.250 .1.3.6.1.2.1.17.4.3.1.1 | sed s/' '//g  | grep -i $desc | sed 's/^.*Hex-STRING\://g'| awk '{print $1}'`;
        if [[ $find_mac != "" ]]; then
                point1=$(snmpwalk -On -v2c -c $community@$i $switch_ip .1.3.6.1.2.1.17.4.3.1.1 | sed s/' '//g  | grep -i $desc  | sed 's/.1.3.6.1.2.1.17.4.3.1.1.//g' | sed 's/=.*//g' );
                port_numb=`snmpwalk -v2c -c $community@$i $switch_ip .1.3.6.1.2.1.17.4.3.1.2  | grep -i $point1 | sed 's/^.*INTEGER\: //g'`;
                echo "Description $desc was found at port number #"$port_numb;
        fi
done;
}
disable_port(){
        echo "Going to disable port by Description";
	# Find by port description
        port_to_disable=`snmpwalk -v2c -On -c $community $switch_ip .1.3.6.1.2.1.31.1.1.1.18 | grep -i $desc | sed 's/.1.3.6.1.2.1.31.1.1.1.18.//g' | awk '{print $1}'`;
        # If port was not found
        if [[ $port_to_disable == "" ]]; then
                echo "Port wasn't found by port description. Exiting ...";
                2970_get_port;
                $port_to_disable=$port_numb;
                echo $ $port_to_disable;
                exit;
        fi;
        # Disable port
        snmpset -v2c -c $community $switch_ip .1.3.6.1.2.1.2.2.1.7.$port_to_disable i 2;
        # Save running config of Cisco switch to startup
        save_2970_cfg;
}
enable_port(){
        echo "Going to enable port by Description";
        # Find by port description
        port_to_enable=`snmpwalk -v2c -On -c $community $switch_ip .1.3.6.1.2.1.31.1.1.1.18 | grep -i $desc | sed 's/.1.3.6.1.2.1.31.1.1.1.18.//g' | awk '{print $1}'`;
        # If port was not found
        if [[ $port_to_enable == "" ]]; then
                echo "Port wasn't found by port description. Exiting ...";
                2970_get_port;
                $port_to_enable=$port_numb;
                echo $ $port_to_enable;
                exit;
        fi;
        # Enable port
        snmpset -v2c -c $community $switch_ip .1.3.6.1.2.1.2.2.1.7.$port_to_enable i 1;
        # Save running config of Cisco switch to startup
        save_2970_cfg;
}
save_2970_cfg(){
        echo "Saving Cisco 2970 switch configuration";
         snmpset -t60 -v2c -c $community $switch_ip 1.3.6.1.4.1.9.2.1.54.0 i 1
}
main(){
        if [[ $operation == "f" ]]; then
                echo "Find port operation";
                2970_get_port;
        elif [[ $operation == "d" ]]; then
                echo "Disable port operation";
                disable_port;
        elif [[ $operation == "e" ]]; then
                echo "Enable port operation";
                enable_port;
        else
                echo "Wrong arguments given";
        fi;
}
main;

#!/bin/bash

# Set-cisco-port.sh

# ==============

# |Author: JvdB|

# ==============

# Find,disable,enable port using SNMP at Cisco switch#

# Usage: cd <directory> ./Set-cisco-port.sh <switch ip-address> <description> <action>

# Example: cd <directory> ./Set-cisco-port.sh 192.168.2.250 Test-pc e

# Where:

# - 1st parameter is switch IP address

# - 2nd is Description of NIC/Device

# - 3rd is operation(e - enable port when find description at port, d -disable port when find description at port)

# =======================================

# Start script with setting the variables

# =======================================

switch_ip=$1;

desc=$(echo $2 | sed 's/://g');

community="private";

operation=$3;

2970_get_port(){

# Check for description at port

for i in `snmpwalk -On -v2c -c $community@1 192.168.2.250 .1.3.6.1.4.1.9.9.46.1.3.1.1.2 | sed 's/.1.3.6.1.4.1.9.9.46.1.3.1.1.2.1.//g' | awk '{print $1}'`; do

find_mac=`snmpwalk -On -v2c -c $community@$i 192.168.2.250 .1.3.6.1.2.1.17.4.3.1.1 | sed s/' '//g | grep -i $desc | sed 's/^.*Hex-STRING\://g'| awk '{print $1}'`;

if [[ $find_mac != "" ]]; then

point1=$(snmpwalk -On -v2c -c $community@$i $switch_ip .1.3.6.1.2.1.17.4.3.1.1 | sed s/' '//g | grep -i $desc | sed 's/.1.3.6.1.2.1.17.4.3.1.1.//g' | sed 's/=.*//g' );

port_numb=`snmpwalk -v2c -c $community@$i $switch_ip .1.3.6.1.2.1.17.4.3.1.2 | grep -i $point1 | sed 's/^.*INTEGER\: //g'`;

echo "Description $desc was found at port number #"$port_numb;

done;

}

disable_port(){

echo "Going to disable port by Description";

# Find by port description

port_to_disable=`snmpwalk -v2c -On -c $community $switch_ip .1.3.6.1.2.1.31.1.1.1.18 | grep -i $desc | sed 's/.1.3.6.1.2.1.31.1.1.1.18.//g' | awk '{print $1}'`;

# If port was not found

if [[ $port_to_disable == "" ]]; then

echo "Port wasn't found by port description. Exiting ...";

2970_get_port;

$port_to_disable=$port_numb;

echo $ $port_to_disable;

exit;

fi;

# Disable port

snmpset -v2c -c $community $switch_ip .1.3.6.1.2.1.2.2.1.7.$port_to_disable i 2;

# Save running config of Cisco switch to startup

save_2970_cfg;

}

enable_port(){

echo "Going to enable port by Description";

# Find by port description

port_to_enable=`snmpwalk -v2c -On -c $community $switch_ip .1.3.6.1.2.1.31.1.1.1.18 | grep -i $desc | sed 's/.1.3.6.1.2.1.31.1.1.1.18.//g' | awk '{print $1}'`;

# If port was not found

if [[ $port_to_enable == "" ]]; then

echo "Port wasn't found by port description. Exiting ...";

2970_get_port;

$port_to_enable=$port_numb;

echo $ $port_to_enable;

exit;

fi;

# Enable port

snmpset -v2c -c $community $switch_ip .1.3.6.1.2.1.2.2.1.7.$port_to_enable i 1;

# Save running config of Cisco switch to startup

save_2970_cfg;

}

save_2970_cfg(){

echo "Saving Cisco 2970 switch configuration";

snmpset -t60 -v2c -c $community $switch_ip 1.3.6.1.4.1.9.2.1.54.0 i 1

}

main(){

if [[ $operation == "f" ]]; then

echo "Find port operation";

2970_get_port;

elif [[ $operation == "d" ]]; then

echo "Disable port operation";

disable_port;

elif [[ $operation == "e" ]]; then

echo "Enable port operation";

enable_port;

else

echo "Wrong arguments given";

fi;

}

main;

Monitor domoticz

Monitoring door Monit voor Raspberry Pi en Domoticz

Inventory and push software

Home

http://fusioninventory.org/

Disable-Enable automapping Echange 2016

Because automapping is not always working correct, just created this script to re-enable automapping with the correct settings. This script you need to run on the Exchange server.

# Created by Daag van der Meer
# blog.van-daag.nl
# This script gives the user full access to the mailbox. This will update also the folders below the inbox with the rights.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;


# Enter the mailbox name here
$mailbox= "<mailboxname>"

# Add here the usernames like "<USERNAME>", "<ÜSERNAME>"
$users= "<USERNAME>", "<ÜSERNAME>"


####### Start of the Script. Do not edit below

foreach ($user in $users){ 
# First disable AutoMapping
Add-MailboxPermission -Identity $mailbox -User $user -AccessRights FullAccess -InheritanceType All -Automapping $false


# Now enable Automapping
Add-MailboxPermission -Identity $mailbox -User $user -AccessRights FullAccess -InheritanceType All -Automapping $true
}

# Created by Daag van der Meer

# blog.van-daag.nl

# This script gives the user full access to the mailbox. This will update also the folders below the inbox with the rights.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;

# Enter the mailbox name here

$mailbox= "<mailboxname>"

# Add here the usernames like "<USERNAME>", "<ÜSERNAME>"

$users= "<USERNAME>", "<ÜSERNAME>"

####### Start of the Script. Do not edit below

foreach ($user in $users){

# First disable AutoMapping

Add-MailboxPermission -Identity $mailbox -User $user -AccessRights FullAccess -InheritanceType All -Automapping $false

# Now enable Automapping

Add-MailboxPermission -Identity $mailbox -User $user -AccessRights FullAccess -InheritanceType All -Automapping $true

}

Update Synology Mail Plus spam server more than once a day.

Update Synology Mail Plus spam server more than once a day

Just found the scripts that you can run and schedule to run more often than once a day. And if you run ClaimAV as virusscanner.

Run the following scripts.

bash /volume1/@appstore/MailPlus-Server/scripts/SpamRuleUpdate.sh all
bash /volume1/@appstore/MailPlus-Server/scripts/SpamAutoLearn.sh
bash /volume1/@appstore/AntiVirus/scripts/clamav.sh check_update

AD Send mail on password reset

This is based on Security Event ID 4724. When this is logged on the domain controller, Task Scheduler kicks this script. And send a mail to Admin and user. And also creates a local log file who reset the password.

# Created by Daag van der Meer on 12-10-2018
# Blog.van-daag.nl
# Powershell Send mail When account password reset is done To user and admin.
# Save this also in a Log file
 
##################
## Temp location for creating HTML email
##################
$Report= "c:\Temp\reset.html" 

##################
## Log location
##################
$log= "C:\Logs\Accountreset.csv"
 
$HTML=@" 
<title>Account locked out Report</title> 
<!--mce:0--> 
"@ 

##################
## Retrieve eventlog with all value
##################

$event = Get-EventLog -LogName Security -InstanceId 4724 -Newest 1 |
 Select TimeGenerated, ReplacementStrings |
  % { 
     New-Object PSObject -Property @{ 
      "Account name" = $_.ReplacementStrings[0] 
      "Account Domain" = $_.ReplacementStrings[1] 
      "Reset by" = $_.ReplacementStrings[4] 
      Date = $_.TimeGenerated 
    } 
   } 

##################
## Retrieve eventlog For filter username
##################

$userevent= Get-EventLog -LogName Security -InstanceId 4724 -Newest 1 | Select-Object @{n='UserName';e={$_.ReplacementStrings[0]}}
$user= $userevent -replace ".*=" -replace "}"

##################
## send mail to admin
##################


$event | ConvertTo-Html -Property "Account name","Account Domain","Reset By",Date -head $HTML -body  "<H2> User account password is reset</H2>"| 
     Out-File $Report -Append 

##################
## Mail config admin
##################

$MailBody= Get-Content $Report 
$MailSubject= "User password reset" 
$SmtpClient = New-Object system.net.mail.smtpClient 
$SmtpClient.host = "<MAIL SERVER>" 
$MailMessage = New-Object system.net.mail.mailmessage 
$MailMessage.from = "<FROM MAILADRESS>" 
$MailMessage.To.add("<MAILADRESS>") 
$MailMessage.Subject = $MailSubject 
$MailMessage.IsBodyHtml = 1 
$MailMessage.Body = $MailBody 
$SmtpClient.Send($MailMessage) 

del c:\Temp\reset.html
$event | Export-Csv $log -NoTypeInformation -Append


#############################
### Send mail to user #######
#############################

$useremail = Get-ADUser $user -Properties mail | Select-Object -ExpandProperty mail
$userfirstname1 = Get-ADUser $user -Properties GivenName | Select-Object GivenName
$userfirstname = $userfirstname1 -replace ".*=" -replace "}"
$userlastsname1 = Get-ADUser $user -Properties Surname | Select-Object Surname
$userlastsname = $userlastsname1 -replace ".*=" -replace "}"

$Pic = '<ADD LOCATION FOR PICTURE IN MAIL>'

$att1 = new-object Net.Mail.Attachment($Pic)
$att1.ContentType.MediaType = “image/png”
$att1.ContentId = “Attachment”

##################
## HTML mail setup to user
##################

$userBody = @"
<html>
    <body>
    <span lang=NL style='font-size:10.0pt;line-height:106%;color:black'>
Dear $userfirstname $userlastsname,<br>
<br>
The password for your <b>DOMAIN\$user</b> account has been reset.<br>
If you did not request this, please inform:<br>
<br>
This is an automated email.<br>
<br>
</span>
<img src="cid:Attachment">
"@

##################
## Mail config user
##################

$userSubject = "Your password is changed"
$userMessage = New-Object system.net.mail.mailmessage 
$userMessage.from = "<FROM MAILADRESS>"
$userMessage.To.add("$useremail")  
$userMessage.Subject = $userSubject  
$userMessage.IsBodyHtml = 1
$userMessage.Body = $userBody 


$userMessage.Attachments.Add($att1)


$SmtpClient.Send($userMessage)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

# Created by Daag van der Meer on 12-10-2018

# Blog.van-daag.nl

# Powershell Send mail When account password reset is done To user and admin.

# Save this also in a Log file

##################

## Temp location for creating HTML email

##################

$Report= "c:\Temp\reset.html"

##################

## Log location

##################

$log= "C:\Logs\Accountreset.csv"

$HTML=@"

<title>Account locked out Report</title>

##################

## Retrieve eventlog with all value

##################

$event = Get-EventLog -LogName Security -InstanceId 4724 -Newest 1 |

Select TimeGenerated, ReplacementStrings |

% {

New-Object PSObject -Property @{

"Account name" = $_.ReplacementStrings[0]

"Account Domain" = $_.ReplacementStrings[1]

"Reset by" = $_.ReplacementStrings[4]

Date = $_.TimeGenerated

}

##################

## Retrieve eventlog For filter username

##################

$userevent= Get-EventLog -LogName Security -InstanceId 4724 -Newest 1 | Select-Object @{n='UserName';e={$_.ReplacementStrings[0]}}

$user= $userevent -replace ".*=" -replace "}"

##################

## send mail to admin

##################

$event | ConvertTo-Html -Property "Account name","Account Domain","Reset By",Date -head $HTML -body "<H2> User account password is reset</H2>"|

Out-File $Report -Append

##################

## Mail config admin

##################

$MailBody= Get-Content $Report

$MailSubject= "User password reset"

$SmtpClient = New-Object system.net.mail.smtpClient

$SmtpClient.host = "<MAIL SERVER>"

$MailMessage = New-Object system.net.mail.mailmessage

$MailMessage.from = "<FROM MAILADRESS>"

$MailMessage.To.add("<MAILADRESS>")

$MailMessage.Subject = $MailSubject

$MailMessage.IsBodyHtml = 1

$MailMessage.Body = $MailBody

$SmtpClient.Send($MailMessage)

del c:\Temp\reset.html

$event | Export-Csv $log -NoTypeInformation -Append

#############################

### Send mail to user #######

#############################

$useremail = Get-ADUser $user -Properties mail | Select-Object -ExpandProperty mail

$userfirstname1 = Get-ADUser $user -Properties GivenName | Select-Object GivenName

$userfirstname = $userfirstname1 -replace ".*=" -replace "}"

$userlastsname1 = Get-ADUser $user -Properties Surname | Select-Object Surname

$userlastsname = $userlastsname1 -replace ".*=" -replace "}"

$Pic = '<ADD LOCATION FOR PICTURE IN MAIL>'

$att1 = new-object Net.Mail.Attachment($Pic)

$att1.ContentType.MediaType = “image/png”

$att1.ContentId = “Attachment”

##################

## HTML mail setup to user

##################

$userBody = @"

<html>

<body>

Dear $userfirstname $userlastsname,<br>

<br>

The password for your <b>DOMAIN\$user</b> account has been reset.<br>

If you did not request this, please inform:<br>

<br>

This is an automated email.<br>

<br>

</span>

##################

## Mail config user

##################

$userSubject = "Your password is changed"

$userMessage = New-Object system.net.mail.mailmessage

$userMessage.from = "<FROM MAILADRESS>"

$userMessage.To.add("$useremail")

$userMessage.Subject = $userSubject

$userMessage.IsBodyHtml = 1

$userMessage.Body = $userBody

$userMessage.Attachments.Add($att1)

$SmtpClient.Send($userMessage)

AD Send mail on Account Lock

At a company where I worked, there was no logging with account lock and the had plans to change the GPO that accounts will not be auto unlocked.
So I also added mailing to the admin of that specific OU (Country)

I found a script from Maxzor1908 on Technet
That was the basic. I Added a lot of extra.

# Powershell User Account locked out Maxzor1908 *16/4/2013* 
# Checked and edit by Daag van der Meer - 03-10-2018
# blog.van-daag.nl
#              Email adress needs to be filled in at the admin account.
 
##################
## Temp location for creating HTML email
##################
$Report= "c:\Temp\Lockedhtml.html" 

##################
## Log location
##################
$log= "C:\Logs\AccountLocked.csv"
 
$HTML=@" 
<title>Account locked out Report</title> 
<!--mce:0--> 
"@ 
 
$Account_Name = @{n='Account name';e={$_.ReplacementStrings[-1]}} 
$Account_domain = @{n='Account Domain';e={$_.ReplacementStrings[-2]}} 
$Caller_Computer_Name = @{n='Caller Computer Name';e={$_.ReplacementStrings[-1]}} 
 
##################
## Retrieve eventlog with all value
##################

             
$event= Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 | 
   Select TimeGenerated,ReplacementStrings,"Account name","Account Domain","Caller Computer Name" | 
   % { 
     New-Object PSObject -Property @{ 
      "Account name" = $_.ReplacementStrings[-7] 
      "Account Domain" = $_.ReplacementStrings[5] 
      "Caller Computer Name" = $_.ReplacementStrings[1] 
      Date = $_.TimeGenerated 
    } 
   } 
    
  $event | ConvertTo-Html -Property "Account name","Account Domain","Caller Computer Name",Date -head $HTML -body  "<H2> User is locked in the Active Directory</H2>"| 
     Out-File $Report -Append 
 

##################
## Retrieve eventlog For filter username
##################


 $user= Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 | 
   Select ReplacementStrings | 
   % { 
     New-Object PSObject -Property @{ 
      "Account name" = $_.ReplacementStrings[-7] 
      } 
   } 

$userrename = $user -replace ".*=" -replace "}"
$userou = Get-ADUser $userrename -Properties DistinguishedName | Select-Object -ExpandPropert DistinguishedName

##############################
## Here is the ad Groups configured who can unlock accounts
#############################
 

if ($userou.Contains('OU=<OU>')) {$mail = "<AD GROUP>"}

elseif ($userou.Contains('OU=<OU>')) {$mail = "<AD GROUP>"}

else {$mail = "<AD GROUP>" }

$adminmail = Get-ADGroupMember $mail | select samaccountname | %{Get-ADUser $_.samaccountname -Properties mail} | %{write-output "$($_.mail)"}
$mailadmin =  $adminmail -join "," -replace ",,"

##################
## Mail config admin
##################


$MailBody= Get-Content $Report 
$MailSubject= "User Account locked out" 
$SmtpClient = New-Object system.net.mail.smtpClient 
$SmtpClient.host = "<MAIL SERVER>" 
$MailMessage = New-Object system.net.mail.mailmessage 
$MailMessage.from = "<FROM MAIL ADRESS>" 
$MailMessage.To.add("<TO MAIL ADRESS>,$mailadmin") 
$MailMessage.Subject = $MailSubject 
$MailMessage.IsBodyHtml = 1 
$MailMessage.Body = $MailBody 
$SmtpClient.Send($MailMessage) 


##################
## Remove the temp document
##################
del c:\Temp\Lockedhtml.html

##################
## Write to log about the account lock
##################

$event | Export-Csv $log -NoTypeInformation -Append

100

101

102

# Powershell User Account locked out Maxzor1908 *16/4/2013*

# Checked and edit by Daag van der Meer - 03-10-2018

# blog.van-daag.nl

# Email adress needs to be filled in at the admin account.

##################

## Temp location for creating HTML email

##################

$Report= "c:\Temp\Lockedhtml.html"

##################

## Log location

##################

$log= "C:\Logs\AccountLocked.csv"

$HTML=@"

<title>Account locked out Report</title>

$Account_Name = @{n='Account name';e={$_.ReplacementStrings[-1]}}

$Account_domain = @{n='Account Domain';e={$_.ReplacementStrings[-2]}}

$Caller_Computer_Name = @{n='Caller Computer Name';e={$_.ReplacementStrings[-1]}}

##################

## Retrieve eventlog with all value

##################

$event= Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 |

Select TimeGenerated,ReplacementStrings,"Account name","Account Domain","Caller Computer Name" |

% {

New-Object PSObject -Property @{

"Account name" = $_.ReplacementStrings[-7]

"Account Domain" = $_.ReplacementStrings[5]

"Caller Computer Name" = $_.ReplacementStrings[1]

Date = $_.TimeGenerated

}

$event | ConvertTo-Html -Property "Account name","Account Domain","Caller Computer Name",Date -head $HTML -body "<H2> User is locked in the Active Directory</H2>"|

Out-File $Report -Append

##################

## Retrieve eventlog For filter username

##################

$user= Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 |

Select ReplacementStrings |

% {

New-Object PSObject -Property @{

"Account name" = $_.ReplacementStrings[-7]

}

$userrename = $user -replace ".*=" -replace "}"

$userou = Get-ADUser $userrename -Properties DistinguishedName | Select-Object -ExpandPropert DistinguishedName

##############################

## Here is the ad Groups configured who can unlock accounts

#############################

if ($userou.Contains('OU=<OU>')) {$mail = "<AD GROUP>"}

elseif ($userou.Contains('OU=<OU>')) {$mail = "<AD GROUP>"}

else {$mail = "<AD GROUP>" }

$adminmail = Get-ADGroupMember $mail | select samaccountname | %{Get-ADUser $_.samaccountname -Properties mail} | %{write-output "$($_.mail)"}

$mailadmin = $adminmail -join "," -replace ",,"

##################

## Mail config admin

##################

$MailBody= Get-Content $Report

$MailSubject= "User Account locked out"

$SmtpClient = New-Object system.net.mail.smtpClient

$SmtpClient.host = "<MAIL SERVER>"

$MailMessage = New-Object system.net.mail.mailmessage

$MailMessage.from = "<FROM MAIL ADRESS>"

$MailMessage.To.add("<TO MAIL ADRESS>,$mailadmin")

$MailMessage.Subject = $MailSubject

$MailMessage.IsBodyHtml = 1

$MailMessage.Body = $MailBody

$SmtpClient.Send($MailMessage)

##################

## Remove the temp document

##################

del c:\Temp\Lockedhtml.html

##################

## Write to log about the account lock

##################

$event | Export-Csv $log -NoTypeInformation -Append