Saturday, August 20, 2011

When your service account is being locked out constantly….

This might be a bad idea, but this script helps when a service account is being locked out constantly and you need time to figure out how it is happening.

I wrote this script and scheduled it to run every 5 minutes to scan for my service account lockouts, unlock the account and send me an email. I saved my application, which was going down due to the service account lockouts. I figured out how the account was locked out.

If you are interested in this script, follow the steps below.

1. Copy and paste the following script into Notepad. Save it as WatchServiceAccount.vbs

2. On the 44th line, assign your NetBIOS Active Directory domain name to the variable strDomainName

3. On the 88th line, provide your local SMTP mail server name

4. Write a batch file that calls this script with Cscript WatchServiceAccount.vbs MyServiceAccountName

5. Create a scheduled task to run your batch file. 

 

'  #####                                             #                                            
' #     # ###### #####  #    # #  ####  ######      # #    ####   ####   ####  #    # #    # #####
' #       #      #    # #    # # #    # #          #   #  #    # #    # #    # #    # ##   #   #  
'  #####  #####  #    # #    # # #      #####     #     # #      #      #    # #    # # #  #   #  
'       # #      #####  #    # # #      #         ####### #      #      #    # #    # #  # #   #  
' #     # #      #   #   #  #  # #    # #         #     # #    # #    # #    # #    # #   ##   #  
'  #####  ###### #    #   ##   #  ####  ######    #     #  ####   ####   ####   ####  #    #   #  
'                                                                                                  '
'
'                      #     #                                         
'                      #  #  #   ##   #####  ####  #    # ###### ##### 
'                      #  #  #  #  #    #   #    # #    # #      #    #
'                      #  #  # #    #   #   #      ###### #####  #    #
'                      #  #  # ######   #   #      #    # #      ##### 
'                      #  #  # #    #   #   #    # #    # #      #   # 
'                       ## ##  #    #   #    ####  #    # ###### #    #
' Name: WatchServiceAccount.vbs
' Arguments: Service Account name
'
' E.g., CScript WatchServiceAccount.vbs serviceaccount
'
' Description: When run, this script checks whether a specific service account is locked out.
' If the account is locked out, it unlocks the account and sends an email to the admins.
'
' Written by: Anand Venkatachalapathy
' Created on August 13th 2011


'Get the passed argument and assign it to a variable
ServiceAccount = WScript.Arguments(0)

' Call the sub routine to check the account
CheckAccount ServiceAccount

'
' Name: CheckAccount
' Parameters: User Account Name
' Description: The sub routine checks the IsAccountLocked attribute. If it is
' True, the account is locked out. The sub routine then unlocks the account
' and sends an email to the administrators.
'
Sub CheckAccount(strAccount)
    'Provide your NetBIOS domain name here
    strDomainName = "MyADDomain"
   
    'Get the user account object
    Set objuser = GetObject("WinNT://" & strDomainName & "/" & strAccount)
   
    'check if it is locked out..
    If objuser.IsAccountLocked Then
        'Yes, it is LOCKED OUT.
        Wscript.Echo strAccount & " is locked out."
       
        'Unlock the account
        objuser.IsAccountLocked = 0
        objUser.setinfo
       
        'Send emails to Administrators
        Alert_Admins "Windows-Admins@Company.com", strAccount & " is locked out", strAccount & " has been unlocked by script. Please check the cause of account lock out." & vbCrLf & vbCrLf & "--Your scripting friend"
    Else     
        'YAY! It is not. No worries here.
        Wscript.Echo strAccount & " is NOT locked out."
    End If
    Set objuser = Nothing
End Sub


'===============================================================
' Name:      Alert_Admins
' Purpose:   Send email through the SMTP server set in sSMTPServerName.
' Input:     strTo - Who to send to, strSub - Subject of the message
'             strBody - Body of the message
' Output:    Sends the emails to the strTO recipients
'===============================================================
Sub Alert_Admins( strTo,strSub,strBody)

    'WScript.Echo strBody

    '* iMsg - holds CDO.Message object
    '* Flds - Enumeration for CDO SMTP object properties
    '* iConf - holds CDO.Configuration
    Dim iMsg, Flds, iConf

    '* sSMTPServerName - SMTP Server Name
    Dim sSMTpServerName

    '* SMTP server to relay through (set this to your local mail server)
    sSMTPServerName = "smtp.company.com"

    '* cdoSendUsingPort = 2 sends over the network to the SMTP server (port 25 by default)
    Const cdoSendUsingPort = 2

    '* Create CDO Objects and assign to variables
    Set iMsg = CreateObject("CDO.Message")
    Set iConf = CreateObject("CDO.Configuration")
    Set Flds = iConf.Fields

    '* Assign values to Flds class properties

    With Flds
        .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = cdoSendUsingPort
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = sSMTPServerName
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 25
        .Update
    End With

    '* Assign message properties and Send the mail
    With iMsg
        Set .Configuration = iConf
        .Fields("urn:schemas:httpmail:importance").Value = 2    'Setting Mail importance to High (2)
        .Fields.Update
        .To = strTo
        .From = "AccountsWatcher@company.com"               'Fake, but make-sense email FROM address
        .Sender = "admin@company.com"                    'Return Email address
        .Subject = strSub
        .TextBody = strBody
        .Send
    End With

End Sub
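
The script above unlocks the account on every run, so on a five-minute schedule the lockout policy does much less to slow password guessing against this account. The following is an added example, not part of the original script: a hypothetical UnlockAllowed helper that caps the number of unlocks per time window, which CheckAccount could call before clearing IsAccountLocked, sending a "left locked" alert when it returns False. The limits, the state-file name and the svc-demo account name are assumptions made for the example.

```vbscript
Const MAX_UNLOCKS = 3        ' assumed limit: unlocks allowed per window
Const WINDOW_MINUTES = 60    ' assumed sliding window length

' True (and records the unlock) while fewer than MAX_UNLOCKS unlocks fall
' inside the window; False means leave the account locked and escalate.
Function UnlockAllowed(strAccount)
    Dim fso, strFile, ts, strLine, arrKeep(), n, i, lngNow, lngCutoff, blnAllowed
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' State file sits beside the script; the task account needs write access
    strFile = fso.BuildPath(fso.GetParentFolderName(WScript.ScriptFullName), _
                            strAccount & ".unlocks.log")
    ' Seconds since a fixed epoch, so the file does not depend on locale
    lngNow = DateDiff("s", #1/1/2000#, Now)
    lngCutoff = lngNow - WINDOW_MINUTES * 60
    ' Keep only the unlock timestamps that are still inside the window
    n = 0
    If fso.FileExists(strFile) Then
        Set ts = fso.OpenTextFile(strFile, 1)    ' 1 = ForReading
        Do Until ts.AtEndOfStream
            strLine = Trim(ts.ReadLine)
            If IsNumeric(strLine) Then
                If CDbl(strLine) >= lngCutoff Then
                    ReDim Preserve arrKeep(n)
                    arrKeep(n) = strLine
                    n = n + 1
                End If
            End If
        Loop
        ts.Close
    End If
    blnAllowed = (n < MAX_UNLOCKS)
    If blnAllowed Then
        ReDim Preserve arrKeep(n)
        arrKeep(n) = CStr(lngNow)
        n = n + 1
    End If
    ' Rewrite the state file with the pruned (and possibly extended) list
    Set ts = fso.CreateTextFile(strFile, True)   ' True = overwrite
    For i = 0 To n - 1
        ts.WriteLine arrKeep(i)
    Next
    ts.Close
    UnlockAllowed = blnAllowed
End Function

' Constructed demo: "svc-demo" is a made-up account name, nothing is unlocked
For k = 1 To 5
    WScript.Echo "Attempt " & k & ": " & UnlockAllowed("svc-demo")
Next
```

Run with CScript, the demo only writes svc-demo.unlocks.log next to the script; it does not touch Active Directory.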
