Join Log in
Score:-1
imaxt avatar Server

AD lockout email alert script working intermittently

qa flag
imaxt

So we've been using this PS script for a while and was working fine until we migrated the domain controllers. The new domain controllers are running core Microsoft Windows Server 2019 Datacenter. We have 2 domain controllers and both are enabled in Task Scheduler. But for some reason the script is working intermittently. Sometimes it sends out the alerts other times it doesn't. And I can't figure out what the issue is exactly.

This is the script I have:


#################################################################

#Declare variables to be used for the Email
$MailSubject= “User Account locked out”
$MailFrom=”[email protected]”
$MailTo=”[email protected]”

#Gets the Event Log that contains the most recent lockout event
$Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1

#Creates a variable which contains the contents of the lockout event log. This is used for the actual message in the email
$MailBody= $Event.Message + “`r`n`t” + $Event.TimeGenerated

#Creates an SMTP Object and assigns an SMTP Address
$SmtpClient = New-Object system.net.mail.smtpClient
$SmtpClient.host = “our-adconnect.ourdomain.local”

#Creates a new Mail Message Object. This is the object needed for the addressing email, subject, body, etc
$MailMessage = New-Object system.net.mail.mailmessage
$MailMessage.from = $MailFrom
$MailMessage.To.add($MailTo)
$MailMessage.IsBodyHtml = 0
$MailMessage.Subject = $MailSubject
$MailMessage.Body = $MailBody

#Actually Sends the Message
$SmtpClient.Send($MailMessage)
74
1 + 9
cn flag
Greg Askew
My guess would be the adconnect SMTP host is causing an exception. Hard to know without any logging or other details. At a minimum this needs to be in a try catch finally and log before/after and when an exception occurs.
0
Reply
imaxt avatar
qa flag
imaxt
When I comment out this: $Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 And put a string in the mailbody $MailBody= "Test" The script works. So the issue is probably the script?
0
Reply
cn flag
Greg Askew
Are there 4740 events present in the Security event log and the Get-EventLog is not returning the event? Or are you saying it works from the command prompt but not in a script?
0
Reply
imaxt avatar
qa flag
imaxt
Yes there are 4740 events present on the dc server. And the way I tested the script was manually by simply right-click > run in Powershell via the file browser.
0
Reply
cn flag
Greg Askew
If you run the single/one Get-EventLog command manually from the command prompt, does it return the expected result?
0
Reply
imaxt avatar
qa flag
imaxt
Yes ```PS C:\Windows\system32> Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 Index Time EntryType Source InstanceID Message ----- ---- --------- ------ ---------- ------- 46852615 Feb 09 11:01 SuccessA... Microsoft-Windows... 4740 A user account was locked out....```
0
Reply
cn flag
Greg Askew
You obviously need to add logging to the script. After each line if necessary. No point in guessing about what is happening. Also replace the smart quotes (“ ”) that were copied and pasted from the Internet with regular quotes (").
0
Reply
imaxt avatar
qa flag
imaxt
Script has been working with the old DC which was running full version of Windows Server 2016 for years now. Maybe it's a limitation of 2019 core and scheduling it over the Windows Admin Portal.
0
Reply
cn flag
Greg Askew
Then don't add logging.
0
Reply
Score:0
imaxt avatar Server
qa flag
imaxt

Trying to setting it up in WAC did not work. Exported a task from another server which I then imported on the core server using schtasks. That worked.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.