
I built a small script that allows me to check if a user's AD account is locked out and email me if it is. It asks for username and password the first time it is run, and the script that starts the PowerShell script schedules a task to run this every 5 minutes until I stop it.

Right now I can do this for one user at a time. The PowerShell script can test multiple users, but I need a way to make it write the XML it is reading the information from on consecutive automated runs to be able to pull multiple users and store multiple user information.

All Code Below

PowerShell:

$ConfigPath = "C:\temp\userconfig.xml"

If (test-path $ConfigPath){
    $Config = Import-Clixml $ConfigPath

}Else{
    $ConfigHash = @{
        email = read-host "What is your email address?"
        username =read-host "What is the username of the person locked out?"
    }

    $Config = New-Object -TypeName PSObject -Property $ConfigHash
    $Config | export-clixml $ConfigPath
}


Import-Module ActiveDirectory
$accts = ($config.username) | Get-ADUser -Properties LockedOut | Where-Object { $_.LockedOut -eq $true } | Select Name, LockedOut
if ($accts) {
    $body = $accts | ConvertTo-HTML | Out-String
    Send-MailMessage -From $config.email -SMTPServer mail.server.com -BodyAsHtml $body -Subject "Locked Out Accounts" -To ($config.email)
}

After the first run it creates the XML script with all the information to run multiple times again. If I want to add a second person to test I would separate the usernames by a comma where $config.username is. I don't want to manually edit the script though; I want to be able to add a second user by editing the XML.

Question: How would I accomplish being able to run this check on 2 or 3 users the best way? AND what would be the best way to add a second user after this is run for the first time?

1 Answer

You could create a separate script for adding additional users to your config file as follows:

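$ConfigPath = "C:\temp\userconfig.xml"

# Start from an empty array so += always appends, even when no config file exists yet
$Config = @()

If (Test-Path $ConfigPath){
    # @() keeps a file holding a single entry as an array
    $Config = @(Import-Clixml $ConfigPath)
}

$ConfigHash = @{
    email = Read-Host "What is your email address?"
    username = Read-Host "What is the username of the person locked out?"
}

# Append the new entry and write the whole list back to the file
$Config += New-Object -TypeName PSObject -Property $ConfigHash
$Config | Export-Clixml $ConfigPath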

This makes $Config an array when we import it, and then we can add additional objects to it before we export it again.

You could then adapt your original script to handle multiple users in that script as follows:

$ConfigPath = "C:\temp\userconfig.xml"

If (test-path $ConfigPath){
    $Config = Import-Clixml $ConfigPath

}Else{
    $ConfigHash = @{
        email = read-host "What is your email address?"
        username =read-host "What is the username of the person locked out?"
    }

    $Config = New-Object -TypeName PSObject -Property $ConfigHash
    $Config | export-clixml $ConfigPath
}


Import-Module ActiveDirectory

$Config | ForEach-Object {

    If ($_.username) {
        $accts = ($_.username) | Get-ADUser -Properties LockedOut | Where-Object { $_.LockedOut -eq $true } | Select Name, LockedOut
        if ($accts) {
            $body = $accts | ConvertTo-HTML | Out-String
            Send-MailMessage -From $_.email -SMTPServer mail.server.com -BodyAsHtml $body -Subject "Locked Out Accounts" -To ($_.email)
        }
    }Else{
        Write-Warning "There was a blank username entry in the config file"
    }

}

This uses a ForEach-Object loop to iterate each user in the collection. As a result the properties of each user are accessed via $_ within the loop.

Note this will still send a separate email per user.


9 Comments

So just to make sure I understand that correctly, the first code you dropped in your answer will actually edit the XML file to add a second user?
Yes, I suggest you save that as a second script (e.g. config-user.ps1) which you can run ad hoc to add additional users when you want to. The second set of code then can be your existing script running as a scheduled task.
Thank you sir. I'll test this to make sure everything works and update before EOD with an answer :)
So I had a chance to test this. It created the XML without any issues and it looks to be formatted correctly but it's throwing an error. Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null or an element of the argument collection contains a null value. At \adlockouttester.ps1:18 char:26 + $accts = ($_.username) | Get-ADUser -Properties LockedOut | Where-Obj ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
Does your XML file currently contain an entry that has a blank username perhaps?
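
A single-script variant of the approach in the answer above, written as an added example that is not part of the original answer or its comments: it keeps the watch list as an array, skips blank entries so Get-ADUser is never handed a null Identity, and sends one email per recipient instead of one per user. The function names are hypothetical; the config path and SMTP host are the ones used on this page.

```powershell
# Added example; function names are hypothetical. Path and SMTP host are from this page.
$ConfigPath = 'C:\temp\userconfig.xml'
$SmtpServer = 'mail.server.com'

function Get-WatchList {
    param([string]$Path = $ConfigPath)
    if (-not (Test-Path $Path)) { return }
    # @() keeps a one-entry file an array; incomplete rows are dropped with a warning.
    @(Import-Clixml $Path) | Where-Object {
        $ok = -not [string]::IsNullOrWhiteSpace($_.username) -and
              -not [string]::IsNullOrWhiteSpace($_.email)
        if (-not $ok) { Write-Warning "Skipping incomplete entry in $Path" }
        $ok
    }
}

function Add-WatchEntry {
    param(
        [Parameter(Mandatory)][ValidatePattern('\S')][string]$Username,
        [Parameter(Mandatory)][ValidatePattern('\S')][string]$Email,
        [string]$Path = $ConfigPath
    )
    $Username = $Username.Trim(); $Email = $Email.Trim()
    $list = @(Get-WatchList -Path $Path)
    # Adding the same username/email pair twice is a no-op.
    if ($list | Where-Object { $_.username -eq $Username -and $_.email -eq $Email }) { return }
    $list += [pscustomobject]@{ username = $Username; email = $Email }
    $list | Export-Clixml $Path
}

function Send-LockoutReport {
    param([string]$Path = $ConfigPath)
    Import-Module ActiveDirectory
    # One message per recipient, listing every locked account that recipient watches.
    foreach ($group in (Get-WatchList -Path $Path | Group-Object email)) {
        $locked = foreach ($entry in $group.Group) {
            try {
                Get-ADUser -Identity $entry.username -Properties LockedOut -ErrorAction Stop |
                    Where-Object { $_.LockedOut -eq $true } | Select-Object Name, LockedOut
            } catch {
                Write-Warning "Lookup failed for '$($entry.username)': $($_.Exception.Message)"
            }
        }
        if ($locked) {
            $body = $locked | ConvertTo-Html | Out-String
            Send-MailMessage -From $group.Name -To $group.Name -SmtpServer $SmtpServer `
                -Subject 'Locked Out Accounts' -Body $body -BodyAsHtml
        }
    }
}
```

Run `Add-WatchEntry` ad hoc to register users and call `Send-LockoutReport` from the scheduled task. The task acts on whatever the file contains, so keep it in a location only the task's account can write to.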