Statistics of frequently locked AD accounts

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

I. Data processing flow

1. A scheduled script on WinSer remotely runs a job on the DC, which exports the account lockout EventLog entries from the last 7 days.
2. The exported files are transferred to LinuxSer through WinSer.
3. A scheduled job on LinuxSer formats the data and filters out the (50 times/month) data.
4. Access the share at \\WinSer (every Wednesday of 28 days) to get the processed file (ad20170101.txt..).

II. Script

2.1 WinSer Server

Script 1:

Since Windows does not allow PowerShell scripts to run directly on a schedule by default (servers have more restrictions), a .bat script is used to call the PowerShell script.

    powershell D:\PS\AccountLockOut\Start-AccountLockOut.ps1

Script 2:

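Send the local script file to the DC for execution (easy to manage).

    # Note: the account name and password are stored in cleartext in this script
    $CredUser="ikulin" # Define user
    # Convert the plaintext password to a SecureString.
    # $PWD is a PowerShell automatic variable (current directory), so another name is used.
    $SecurePwd=ConvertTo-SecureString "Iku963" -AsPlainText -Force
    $Cred=New-Object System.Management.Automation.PSCredential($CredUser,$SecurePwd) # Define credential object
    # Run the local export script on the DC
    Invoke-Command -FilePath "D:\PS\AccountLockOut\Get-AccountLockOut.ps1" -ComputerName 10.10.10.10 -Credential $Cred
    # Copy the exported files from the DC to WinSer
    net use \\DC\D$\PS\AccountLockOut Iku963.. /u:ikulin
    robocopy \\DC\D$\PS\AccountLockOut D:\PS\AccountLockOut\LOG
    # Copy the files from WinSer to the LinuxSer share
    net use \\LinuxSer\ad passwd /u:username
    robocopy D:\PS\AccountLockOut\LOG \\LinuxSer\ad
    # Disconnect all mapped connections
    net use /d * /y

Script 3: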

Read the account lockout events (InstanceId 4740) from the last 7 days and export them to a CSV file.

    [CmdletBinding()]
    param([INT]$Num=7)   # number of days to export

    $After=((Get-Date).adddays(-$Num+1)).ToString('yyyy-MM-dd')
    $Before=(Get-Date).ToString('yyyy-MM-dd')
    # Output file is named <start date>-<end date>.csv
    $Filename="D:\PS\AccountLockOut\"+"$After"+'-'+"$Before"+'.csv'

    # USER and COMPUTER are cut out of the event message by splitting it on ":"
    Get-EventLog -LogName Security -After $After -InstanceId 4740 |
        select @{Name="USER";Expression={(($_.Message).Split(":"))[8].Trim().Split("")[0]}},
               @{Name="TIME";Expression={$_.TimeGenerated}},
               @{Name="COMPUTER";Expression={(($_.Message).Split(":"))[10].Trim()}} |
        Export-Csv -Encoding UTF8 -path "$Filename" -Force

2.2 LinuxSer Server

Script 4:

Use a shell script to produce the statistics.

    #!/bin/bash
    #Date:2017-09-21
    #Version:1.0.0
    #Author:linxianyu
    #Description:Format out for AD AccountLock.csv

    #Count accounts locked more than 50 times and store them in variable a
    a=$(cut -d',' -f1 "$@" | sort | uniq -c | sort -n | awk -F ' ' '{ if ($1>50) print $1,$2 }' | tr -d '"')

    #Print the contents of variable a; awk re-formats the output because
    #echoing the unquoted variable puts every count/account pair on one line
    #NOTE: the source is cut off after "for(i=1;i"; the loop condition and body
    #below are a reconstruction, and "%-s" restores the "%" missing from "-s"
    echo $a | awk -F ' ' 'BEGIN{printf "%-s %-s \n","Statistics","Account";print "-----------------------------"}
    { for(i=1;i<NF;i+=2) printf "%-s %-s \n",$i,$(i+1) }'
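The following is an added example, not part of the original article: a variant of Script 4 that tolerates the BOM, CRLF line endings, #TYPE line and header row that Export-Csv writes in Script 3, and that also breaks each account's lockouts down by the COMPUTER column so the source of repeated lockouts is visible. The function names lockout_report and sample_csv, the sample rows and the demo threshold of 2 are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not the article's script). Sample data is constructed.

# lockout_report THRESHOLD FILE...
# For every account locked out more than THRESHOLD times, prints
#   <total lockouts> <account> <caller computer> <lockouts from that computer>
lockout_report() {
    min=$1; shift
    awk -F',' -v min="$min" '
        { sub(/\r$/, ""); gsub(/"/, "") }       # drop CRLF ending and field quotes
        FNR == 1 && /#TYPE/ { next }            # type line (may be preceded by a BOM)
        FNR <= 2 && $NF == "COMPUTER" { next }  # header row
        NF < 3 { next }                         # blank or malformed line
        {
            # USER is the first field, COMPUTER the last, so a comma inside
            # the TIME column cannot shift them.
            total[$1]++
            pair[$1 SUBSEP $NF]++
        }
        END {
            for (p in pair) {
                split(p, k, SUBSEP)
                if (total[k[1]] > min)
                    print total[k[1]], k[1], k[2], pair[p]
            }
        }' "$@" | sort -k1,1nr -k2,2 -k4,4nr -k3,3
}

# Constructed sample in the layout Script 3 exports:
# UTF-8 BOM, #TYPE line, quoted header, CRLF line endings.
sample_csv() {
    printf '\357\273\277#TYPE Selected.System.Diagnostics.EventLogEntry\r\n'
    printf '"USER","TIME","COMPUTER"\r\n'
    printf '"alice","2017/9/20 9:01:00","PC-01"\r\n'
    printf '"alice","2017/9/20 9:05:00","PC-01"\r\n'
    printf '"alice","2017/9/21 8:00:00","MAIL-GW"\r\n'
    printf '"bob","2017/9/21 8:30:00","PC-02"\r\n'
}

# Demo with a threshold of 2; the article's monthly threshold is 50.
sample_csv | lockout_report 2 -
```

For the monthly report, pass the weekly CSV files as arguments, for example lockout_report 50 *.csv.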
