update

NRPE/Check-AD-Accounts-Lock.ps1

@@ -0,0 +1,119 @@
+<#
+.SYNOPSIS
+    <Overview of script>
+
+.NOTES
+    Version        : 1.0
+    Author         : Hubert CORNET
+    Creation Date  : 17/11/2022
+    Purpose/Change : <Initial script development>
+
+.LINK
+    https://www.tips-of-mine.fr
+
+.EXEMPLE
+    <Example goes here. Repeat this attribute for more than one example>
+
+.DESCRIPTION
+    <Brief description of script>
+
+.PARAMETER <Parameter_Name>
+    <Brief description of parameter input required. Repeat this attribute if required>
+
+.INPUTS
+    <Inputs if any, otherwise state None>
+
+.OUTPUTS
+    <Outputs if any, otherwise state None - example: Log file stored in C:\Windows\Temp\<name>.log>
+#>
+
+#---------------------------------------------------------[Initialisations]--------------------------------------------------------
+
+[CmdletBinding()]
+Param(
+	[string]$action = "LockedOut",
+	[string]$searchBase = "",
+	[string]$searchScope = "Subtree",
+	[int]$maxWarn = 5,
+	[int]$maxCrit = 10
+)
+
+# Définir l'action d'erreur pour continuer silencieusement
+$ErrorActionPreference = "SilentlyContinue"
+
+#----------------------------------------------------------[Declarations]----------------------------------------------------------
+# Version Script
+$sScriptVersion = "1.0"
+
+#Log File Info
+$sLogPath = "C:\Tmp"
+$sLogName = "Check-AD-Account-Lock.log"
+$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName
+
+Start-Transcript -Path $sLogFile -NoClobber
+
+#-----------------------------------------------------------[Functions]------------------------------------------------------------
+
+#--------------------------------------------------------[Debut Du Script]---------------------------------------------------------
+
+# check that powershell ActiveDirectory module is present
+If(Get-Module -Name "ActiveDirectory" -ListAvailable) {
+	Try {
+		Import-Module -Name ActiveDirectory
+	}
+	Catch {
+		Write-Host "CRITICAL: Missing PowerShell ActiveDirectory module"
+		exit 2
+	}
+}
+Else {
+	Write-Host "CRITICAL: Missing PowerShell ActiveDirectory module"
+	exit 2
+}
+
+# check params if provided
+If($action -notmatch "^(AccountDisabled|AccountExpired|AccountExpiring|AccountInactive|LockedOut|PasswordExpired|PasswordNeverExpires)$") {
+	Write-Host "CRITICAL: action parameter can only be AccountDisabled,AccountExpired,AccountExpiring,AccountInactive,LockedOut,PasswordExpired,PasswordNeverExpires. Provided $action"
+	exit 2
+}
+
+If($searchScope -notmatch "^(Base|OneLevel|Subtree)$") {
+	Write-Host "CRITICAL: searchScope parameter can only be Base,OneLevel,Subtree. Provided $searchScope"
+	exit 2
+}
+
+If(($searchBase -ne "") -and $searchBase -ne ((Get-ADDomain).DistinguishedName)) {
+	$search=Get-ADObject -Filter 'ObjectClass -eq "OrganizationalUnit" -and DistinguishedName -eq $searchBase'
+	
+	If ($search.Count -ne 1) {
+		Write-Host "CRITICAL: SearchBase not found or duplicate. Provided $searchBase"
+		exit 2
+	}
+}
+Else {
+	$searchBase=(Get-ADDomain).DistinguishedName
+}
+
+$command="Search-ADAccount -"+$action+" -SearchBase '"+$searchBase+"' -SearchScope "+$searchScope
+$result=invoke-expression $command
+
+If($result.Count -gt $maxCrit) {
+	$state="CRITICAL"
+	$exitcode=2
+}
+Elseif($result.Count -gt $maxWarn) {
+	$state="WARNING"
+	$exitcode=1
+}
+Else {
+	$state="OK"
+	$exitcode=0
+}
+
+$output=$state+": "+$result.Count+" "+$action+"|"+$action+"="+$result.Count+";"+$maxWarn+";"+$maxCrit
+Write-Host $output
+exit $exitcode
+
+#---------------------------------------------------------[Fin Du Script]----------------------------------------------------------
+
+Stop-Transcript