You might want to proactively respond to events generated by your domain controller or any other server.
Modify the script below to your needs.
In my example below I use the InstanceID of a user account lockout.
```powershell
# Variables for mail sending.
$MailSubject = "INFORMATION: An account has been locked out."
$MailFrom = New-Object System.Net.Mail.MailAddress("AccountLockout@domain.com", "AccountLockout | CUSTOMER")
$MailTo = "Alertsystem@domain.com"
$SMTPServer = "smtp.yourserver.com"

# Variables for log gathering.
$Logname = "Security"
$InstanceID = "4740"

# Gather events.
$Event = Get-EventLog -LogName $Logname -InstanceId $InstanceID -Newest 1
$MailBody = $Event.Message + "`r`n`t" + $Event.TimeGenerated

# Send mail alert.
Send-MailMessage -To $MailTo -From $MailFrom -Subject $MailSubject -Body $MailBody -SmtpServer $SMTPServer -Encoding UTF8
```
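To make the alert say which account was locked out and from which machine, the event's XML can be parsed before the mail is built. The following is an added example, not part of the original script: the function name `ConvertFrom-LockoutEventXml` is hypothetical, the sample XML is constructed, and it assumes the standard 4740 layout in which `TargetUserName` is the locked account and `TargetDomainName` carries the caller computer name.

```powershell
# Constructed sample of a 4740 event as returned by EventRecord.ToXml(); not a real event.
$SampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2024-01-15T08:30:00.000000000Z" />
    <Computer>DC01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKS-042</Data>
    <Data Name="SubjectUserName">DC01$</Data>
  </EventData>
</Event>
'@

function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory)][string]$EventXml)

    $System = ([xml]$EventXml).Event['System']
    $EventId = $System['EventID'].InnerText
    if ($EventId -ne '4740') {
        throw "Not an account lockout event (EventID $EventId)."
    }

    # Index the <Data Name="..."> elements by their Name attribute.
    $Data = @{}
    foreach ($Node in ([xml]$EventXml).Event['EventData'].ChildNodes) {
        $Data[$Node.GetAttribute('Name')] = $Node.InnerText
    }

    [pscustomobject]@{
        Account        = $Data['TargetUserName']
        CallerComputer = $Data['TargetDomainName']  # assumption: 4740 puts the caller computer here
        ReportedBy     = $System['Computer'].InnerText
        TimeUtc        = $System['TimeCreated'].GetAttribute('SystemTime')
    }
}

$Lockout = ConvertFrom-LockoutEventXml -EventXml $SampleXml
$MailSubject = "INFORMATION: Account $($Lockout.Account) locked out (caller: $($Lockout.CallerComputer))"
$MailBody = "Account: $($Lockout.Account)`r`nCaller computer: $($Lockout.CallerComputer)`r`n" +
            "Reported by: $($Lockout.ReportedBy)`r`nTime (UTC): $($Lockout.TimeUtc)"

# On a domain controller, feed it the newest real event instead of the sample:
# $Event = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -MaxEvents 1
# $Lockout = ConvertFrom-LockoutEventXml -EventXml $Event.ToXml()
```

The resulting `$MailSubject` and `$MailBody` can be passed to the same `Send-MailMessage` call as in the script above.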