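<#
.SYNOPSIS
    Monitoring check that counts Active Directory accounts in a given state.

.DESCRIPTION
    Runs Search-ADAccount with the switch named by -action, counts the accounts
    returned and prints a single status line with performance data:
        STATE: <count> <action>|<action>=<count>;<maxWarn>;<maxCrit>
    Exit codes: 0 = OK, 1 = WARNING (count > maxWarn), 2 = CRITICAL
    (count > maxCrit, invalid parameter, missing module or failed AD query).

.PARAMETER action
    Search-ADAccount switch to use. One of AccountDisabled, AccountExpired,
    AccountExpiring, AccountInactive, LockedOut, PasswordExpired,
    PasswordNeverExpires. Default: LockedOut.

.PARAMETER searchBase
    Distinguished name of the OU to search. Empty (default) or the domain DN
    searches the whole domain.

.PARAMETER searchScope
    Base, OneLevel or Subtree. Default: Subtree.

.PARAMETER maxWarn
    WARNING when the count is strictly greater than this value. Default: 5.

.PARAMETER maxCrit
    CRITICAL when the count is strictly greater than this value. Default: 10.

.INPUTS
    None.

.OUTPUTS
    One status line on the host, plus the process exit code.

.EXAMPLE
    .\<script>.ps1 -action LockedOut -maxWarn 5 -maxCrit 10

.NOTES
    Version        : 1.0
    Author         : Hubert CORNET
    Creation Date  : 17/11/2022
    Purpose/Change :

.LINK
    https://www.tips-of-mine.fr
#>

#---------------------------------------------------------[Initialisations]--------------------------------------------------------

[CmdletBinding()]
Param(
    [string]$action = "LockedOut",
    [string]$searchBase = "",
    [string]$searchScope = "Subtree",
    [int]$maxWarn = 5,
    [int]$maxCrit = 10
)

# Keep non-terminating errors out of the status line. Every call whose failure
# would change the verdict uses -ErrorAction Stop inside Try/Catch below, so a
# failed query can no longer be reported as "OK: 0".
$ErrorActionPreference = "SilentlyContinue"

#----------------------------------------------------------[Declarations]----------------------------------------------------------

# Script version
$sScriptVersion = "1.0"

# Log file info
$sLogPath = "C:\Tmp"
$sLogName = "Check-AD-Account-Lock.log"
$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName

# Allowed values; both end up as parameter names/values of Search-ADAccount.
$validActions = @(
    "AccountDisabled", "AccountExpired", "AccountExpiring", "AccountInactive",
    "LockedOut", "PasswordExpired", "PasswordNeverExpires"
)
$validScopes = @("Base", "OneLevel", "Subtree")

#-----------------------------------------------------------[Functions]------------------------------------------------------------

# Print the status line, close the transcript and leave with the given exit code.
# Every exit path goes through here; the original called Stop-Transcript after
# "exit", so it was never reached.
function Exit-Check {
    Param(
        [string]$Message,
        [int]$Code
    )
    Write-Host $Message
    # Deliberately best effort: Stop-Transcript fails when no transcript is running.
    Try { Stop-Transcript | Out-Null } Catch { }
    exit $Code
}

#--------------------------------------------------------[Script Start]------------------------------------------------------------

# Best-effort transcript. With -NoClobber the transcript does not start when the
# log file already exists; the check itself still runs.
# NOTE(review): the start banner is not suppressed here, as in the original.
Try { Start-Transcript -Path $sLogFile -NoClobber } Catch { }

# Check that the PowerShell ActiveDirectory module is present and loads.
If (-not (Get-Module -Name "ActiveDirectory" -ListAvailable)) {
    Exit-Check "CRITICAL: Missing PowerShell ActiveDirectory module" 2
}
Try {
    # -ErrorAction Stop: without it a failed import is non-terminating and the
    # Catch block never runs.
    Import-Module -Name ActiveDirectory -ErrorAction Stop
}
Catch {
    Exit-Check "CRITICAL: Missing PowerShell ActiveDirectory module" 2
}

# Validate parameters against the allow-lists (exact, case-insensitive match).
If ($validActions -notcontains $action) {
    Exit-Check "CRITICAL: action parameter can only be AccountDisabled,AccountExpired,AccountExpiring,AccountInactive,LockedOut,PasswordExpired,PasswordNeverExpires. 
Provided $action" 2
}
If ($validScopes -notcontains $searchScope) {
    Exit-Check "CRITICAL: searchScope parameter can only be Base,OneLevel,Subtree. Provided $searchScope" 2
}

# Resolve the domain DN once; it is both the default search base and the value
# that skips the OU lookup.
Try {
    $domainDn = (Get-ADDomain -ErrorAction Stop).DistinguishedName
}
Catch {
    Exit-Check ("CRITICAL: Unable to query the Active Directory domain: " + $_.Exception.Message) 2
}

If (($searchBase -ne "") -and ($searchBase -ne $domainDn)) {
    # The search base must match exactly one existing OU.
    Try {
        # @() forces a collection so .Count is reliable for zero or one result.
        $search = @(Get-ADObject -Filter 'ObjectClass -eq "OrganizationalUnit" -and DistinguishedName -eq $searchBase' -ErrorAction Stop)
    }
    Catch {
        $search = @()
    }
    If ($search.Count -ne 1) {
        Exit-Check "CRITICAL: SearchBase not found or duplicate. Provided $searchBase" 2
    }
}
Else {
    $searchBase = $domainDn
}

# Parameters are passed by splatting rather than by building a command string
# for Invoke-Expression, so -searchBase is always handled as data and can never
# be parsed as PowerShell code.
$searchParams = @{
    SearchBase  = $searchBase
    SearchScope = $searchScope
    ErrorAction = "Stop"
}
$searchParams[$action] = $true   # e.g. -LockedOut

Try {
    $result = @(Search-ADAccount @searchParams)
}
Catch {
    # Fail closed: an unanswered query is not the same as zero matching accounts.
    Exit-Check ("CRITICAL: Search-ADAccount query failed: " + $_.Exception.Message) 2
}
$count = $result.Count

# Thresholds are strict: the count must exceed the limit to raise the state.
If ($count -gt $maxCrit) {
    $state = "CRITICAL"
    $exitcode = 2
}
Elseif ($count -gt $maxWarn) {
    $state = "WARNING"
    $exitcode = 1
}
Else {
    $state = "OK"
    $exitcode = 0
}

# Status text, then "|" and performance data: label=value;warn;crit
$output = "{0}: {1} {2}|{2}={1};{3};{4}" -f $state, $count, $action, $maxWarn, $maxCrit

#---------------------------------------------------------[Script End]-------------------------------------------------------------

Exit-Check $output $exitcode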