<#
|
|
.SYNOPSIS
|
|
<Overview of script>
|
|
|
|
.NOTES
|
|
Version : 1.0
|
|
Author : Hubert CORNET
|
|
Creation Date : 17/11/2022
|
|
Purpose/Change : <Initial script development>
|
|
|
|
.LINK
|
|
https://www.tips-of-mine.fr
|
|
|
|
.EXAMPLE
|
|
<Example goes here. Repeat this attribute for more than one example>
|
|
|
|
.DESCRIPTION
|
|
<Brief description of script>
|
|
|
|
.PARAMETER <Parameter_Name>
|
|
<Brief description of parameter input required. Repeat this attribute if required>
|
|
|
|
.INPUTS
|
|
<Inputs if any, otherwise state None>
|
|
|
|
.OUTPUTS
|
|
<Outputs if any, otherwise state None - example: Log file stored in C:\Windows\Temp\<name>.log>
|
|
#>
#---------------------------------------------------------[Initialisations]--------------------------------------------------------

[CmdletBinding()]
Param(
    # Name of the Search-ADAccount switch to query; checked against an allow-list later in the script.
    [string] $action = 'LockedOut',

    # Distinguished name to search under; an empty value is replaced by the domain DN later in the script.
    [string] $searchBase = '',

    # Search depth; the script accepts Base, OneLevel or Subtree.
    [string] $searchScope = 'Subtree',

    # Result count above which the check reports WARNING.
    [int] $maxWarn = 5,

    # Result count above which the check reports CRITICAL.
    [int] $maxCrit = 10
)

# Set the error action to continue silently.
# NOTE(review): with this preference any cmdlet failure that is not handled explicitly
# is hidden, so a failed directory query can look like an empty result - confirm this is intended.
$ErrorActionPreference = 'SilentlyContinue'
#----------------------------------------------------------[Declarations]----------------------------------------------------------

# Script version
$sScriptVersion = '1.0'

# Transcript location: directory, file name and the combined full path
$sLogPath = 'C:\Tmp'
$sLogName = 'Check-AD-Account-Lock.log'
$sLogFile = Join-Path $sLogPath $sLogName

# Record the session to the log file.
# NOTE(review): -NoClobber refuses to overwrite an existing transcript and errors are
# silenced script-wide, so once the file exists later runs presumably record nothing -
# confirm whether -Append was intended, and confirm who can read and write C:\Tmp.
Start-Transcript -Path $sLogFile -NoClobber
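#-----------------------------------------------------------[Functions]------------------------------------------------------------

#--------------------------------------------------------[Start of script]---------------------------------------------------------

# Check that the PowerShell ActiveDirectory module is installed and can be loaded.
# Either failure ends the check with CRITICAL (exit code 2).
If (Get-Module -Name "ActiveDirectory" -ListAvailable) {
    Try {
        # -ErrorAction Stop turns a load failure into a terminating error. Under the
        # script-wide SilentlyContinue preference the Catch block would otherwise
        # never run and the script would carry on without the module.
        Import-Module -Name ActiveDirectory -ErrorAction Stop
    }
    Catch {
        Write-Host "CRITICAL: Missing PowerShell ActiveDirectory module"
        exit 2
    }
}
Else {
    Write-Host "CRITICAL: Missing PowerShell ActiveDirectory module"
    exit 2
}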
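# Validate the caller-supplied parameters against fixed allow-lists before they are used.
# -notcontains compares whole values (case-insensitively). The previous regex test
# ended in "$", which in .NET also matches just before a trailing newline, so a value
# such as "LockedOut`n" passed validation.
$validActions = @(
    "AccountDisabled",
    "AccountExpired",
    "AccountExpiring",
    "AccountInactive",
    "LockedOut",
    "PasswordExpired",
    "PasswordNeverExpires"
)
If ($validActions -notcontains $action) {
    Write-Host "CRITICAL: action parameter can only be AccountDisabled,AccountExpired,AccountExpiring,AccountInactive,LockedOut,PasswordExpired,PasswordNeverExpires. Provided $action"
    exit 2
}

$validScopes = @("Base", "OneLevel", "Subtree")
If ($validScopes -notcontains $searchScope) {
    Write-Host "CRITICAL: searchScope parameter can only be Base,OneLevel,Subtree. Provided $searchScope"
    exit 2
}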
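# Resolve the domain DN once. If the domain cannot be queried, stop here: with errors
# silenced the script would otherwise continue with an empty search base and could
# end up reporting OK without having queried anything.
Try {
    $domainDn = (Get-ADDomain -ErrorAction Stop).DistinguishedName
}
Catch {
    Write-Host "CRITICAL: Unable to query the Active Directory domain"
    exit 2
}

If (($searchBase -ne "") -and ($searchBase -ne $domainDn)) {
    # A custom search base must match exactly one organizational unit.
    # @() makes Count reliable for zero or one returned object.
    $search = @(Get-ADObject -Filter 'ObjectClass -eq "OrganizationalUnit" -and DistinguishedName -eq $searchBase')

    If ($search.Count -ne 1) {
        Write-Host "CRITICAL: SearchBase not found or duplicate. Provided $searchBase"
        exit 2
    }
}
Else {
    # No search base given (or it already is the domain DN): search the whole domain.
    $searchBase = $domainDn
}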
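# Run Search-ADAccount with the requested switch by splatting a parameter table.
# The previous version concatenated the parameters into a command string and ran it
# through Invoke-Expression, so a quote inside $searchBase (a legal character in a
# distinguished name) could break out of the string and be evaluated as code.
# Splatting passes every value as data only.
$searchParams = @{
    SearchBase  = $searchBase
    SearchScope = $searchScope
    ErrorAction = 'Stop'
}
# $action names one of the Search-ADAccount switch parameters (e.g. -LockedOut).
$searchParams[$action] = $true

Try {
    # @() makes Count reliable for zero or one returned account.
    $result = @(Search-ADAccount @searchParams)
}
Catch {
    # A failed query must not be counted as "0 accounts found".
    Write-Host "CRITICAL: Search-ADAccount failed for action $action"
    exit 2
}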
# Map the number of matching accounts to a plugin state and exit code:
# above $maxCrit -> CRITICAL (2), above $maxWarn -> WARNING (1), otherwise OK (0).
$state = "OK"
$exitcode = 0

If ($result.Count -gt $maxWarn) {
    $state = "WARNING"
    $exitcode = 1
}

# Checked last so that CRITICAL always takes precedence over WARNING.
If ($result.Count -gt $maxCrit) {
    $state = "CRITICAL"
    $exitcode = 2
}
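# Status line with performance data:
# "<STATE>: <count> <action>|<action>=<count>;<warn>;<crit>"
$output = "{0}: {1} {2}|{2}={1};{3};{4}" -f $state, $result.Count, $action, $maxWarn, $maxCrit
Write-Host $output

#---------------------------------------------------------[End of script]----------------------------------------------------------

# Close the transcript before exiting. It used to sit after "exit" and was never
# reached. Out-Null keeps the "Transcript stopped" message out of the check output.
Stop-Transcript | Out-Null

exit $exitcode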