harrisoncattell/Active-Directory-Account-Lockout-Monitor

Active Directory Account Lockout Monitor

Table of Contents

  1. About The Project
  2. Getting Started

About The Project

This is a lightweight PowerShell script that collects security events with the ID 4740 (account lockouts) and checks them against a specified array of users. Key information from each matching event is emailed to a set of recipients.

Built With

  • PowerShell (any recent version will do, 4 or higher)
  • Active Directory PowerShell Module

Getting Started

To get a local copy up and running follow these simple steps.

Prerequisites

This script requires the Active Directory PowerShell Module to be installed. Instructions can be found here

Installation

  1. Clone the repo (or download)

    git clone https://github.com/harrisoncattell/Active-Directory-Account-Lockout-Monitor.git
  2. Move the script file to a suitable location

  3. Locate and change the following variables:

    $VerbosePath
    $OUPath
    $recipients = @("TEST <TEST@testemail.com>")
    $Sender = @("TEST <TEST@testemail.com>")

     You may also want to change how the events are collected. This is set in the line:

    $SecurityEvents = Get-WinEvent -FilterHashtable @{LogName='ForwardedEvents';ID='4740'} -MaxEvents 50

  4. Create the Task Scheduler task for this script. The interval can be set to however long you want (please make the variable $TimeSpan match). If you don't know how to do this, please follow this guide
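The collection and matching steps described above, sketched as an added example (not the project's own script): it parses a 4740 event's XML, keeps only lockouts for monitored accounts, and limits results to one task interval so a run does not re-report lockouts covered by the previous run. The account names, `$WindowMinutes`, both function names and the sample event are constructed for illustration, and the window is assumed to equal the scheduled task interval.

```powershell
# Added example, not the project's code. All names below are hypothetical.
$MonitoredUsers = @('adm-jsmith', 'adm-akhan')   # constructed sample accounts
$WindowMinutes  = 15                             # assumed equal to the task interval

# Constructed sample of one 4740 event in the form returned by ToXml().
# Live input, using the page's query:
#   Get-WinEvent -FilterHashtable @{LogName='ForwardedEvents';ID='4740'} -MaxEvents 50 |
#       ForEach-Object { $_.ToXml() }
$SampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2024-01-01T10:05:00.0000000Z" />
    <Computer>DC01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">adm-jsmith</Data>
    <Data Name="TargetDomainName">WKS-042</Data>
    <Data Name="SubjectUserName">DC01$</Data>
  </EventData>
</Event>
'@

function ConvertFrom-LockoutXml {
    param([string]$Xml)
    $e = ([xml]$Xml).Event
    $data = @{}
    foreach ($d in $e.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeUtc        = ([datetime]$e.System.TimeCreated.SystemTime).ToUniversalTime()
        User           = $data['TargetUserName']
        # In event 4740 the TargetDomainName field carries the caller computer name
        CallerComputer = $data['TargetDomainName']
        ReportedBy     = $e.System.Computer
    }
}

function Select-MonitoredLockout {
    param([object[]]$Lockouts, [string[]]$Users, [datetime]$NowUtc, [int]$Minutes)
    $cutoff = $NowUtc.AddMinutes(-$Minutes)
    # -in is case-insensitive, which suits account names
    $Lockouts | Where-Object { $_.User -in $Users -and $_.TimeUtc -gt $cutoff -and $_.TimeUtc -le $NowUtc }
}

# Fixed "now" so the constructed sample gives the same result on every run
$now    = [datetime]::SpecifyKind([datetime]'2024-01-01T10:10:00', 'Utc')
$parsed = ConvertFrom-LockoutXml -Xml $SampleXml
Select-MonitoredLockout -Lockouts @($parsed) -Users $MonitoredUsers -NowUtc $now -Minutes $WindowMinutes
```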

Usage

This project can be used for local AD security monitoring. It was created in response to the need for transparency around which administrator accounts were getting locked out, and from where, without relying on delayed notifications from a SIEM supplier.

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

Contact

Name: Harrison Cattell

Linkedin: https://www.linkedin.com/in/harrisoncattell/

Project Link: https://github.com/harrisoncattell/Active-Directory-Account-Lockout-Monitor
