Home

Get Account Lock out Script based on research

Details

Written by: ken

Category: Uncategorised

Published: 14 July 2023

Hits: 279

Hello World

I have a requirement to look for locked out accounts from the security logs of a domain controller.

I researched the web for different ways to do it.

I created this small PowerShell script to run from an Admin tool server.

It may not be elegant but it works for me.

It is a two part script with functions.

 

$date = get-date

write-host "Enter a number to tell the script how many days in the past you want to review Security Log" -ForegroundColor Cyan -BackgroundColor Black

write-host "Enter Days Back" -ForegroundColor Yellow -NoNewline

$daysback = read-host

$logdate = (get-date).AddDays(-$daysback) #Will take input from variable

#Select the DC or DCs for this for this locked out account review

$getdc = (get-AdForest).Domains | %{Get-addomainController - Filter -Server $_} | Select -ExpandProperty name |

ogv -Title "Get DCs from the forest and list. Select the ones you want to review the security logs " -PassThru

 

# This Function Reviews the domain controller security logs based on how many days you want to go back

Function ReviewSecLog {

$log = "Security"

foreach ($dc in $getdc){

Try {

Write-host "Reviewing Server $dc" -ForegroundColor Green -NoNewline

Get-WinEvent -ComputerName $dc -FilterHashtable @{Logname = "$log"; StartTime = $logdate; ID = 4740} | sort TimeCreated,ID,Message -wrap

}

 

Catch {

Write-host "No Event ID 4740 of this type from $dc" -ForegroundColor Yellow -BackgroundColor Black

}

}

}

 

# If you have an Archive of your security logs for Security and SIEM reasons then this function will review each archive log selected

Function ReviewArchLog{

$archlog = Get-ChildItem -Path \\$getdc\<path to your archivelog.evtx or evt -Recurse | ogv -Title " Select an Archive Log from $getdc" -passthru

foreach ($arch in $archlog){

Write-host "Reviewing Archve log $getdc $arch" -ForegroundColor Cyan -BackgroundColor Black

#Parsing for Event ID 4740

Try{

Get-winevent -Path $arch | where ID -eq '4740' | format-table TimeCreated,ID, Message -Wrap

}

 

Catch {

Write-Host "Reviewed Archive Security Log and no Event ID 4740 on $arch $getdc" -ForegroundColor Yellow -BackgroundColor Black

}

}

}

 

Do {CLS

Write-Host "Type 'D' or 'd' to review DC Security Log. Type 'T' or 't' to review the archive log"

$input = Read-Host -Prompt "Type 'D' or 'd' to review DC security Log. Type 'T' or 't' to review Archive log"

 

}

 

Until ($input -eq "D" -or $input -eq "T" -or $input -eq "D" -or $input -eq "t")

 

Switch ($input) {

D{ReviewSecLog}

d{ReviewSecLog}

T{ReviewArchLog}

t{ReviewArchLog}

}

 

 

 

 

 

Is this on? Are We Online? Someone get the kitchen sink

Details

Written by: ken

Category: Uncategorised

Published: 01 July 2023

Hits: 295

Hello World. 

So many things happened over the last 4 years.  Covid hit us. My site Crashed on an upgrade and the restoration lost data.  So, I got lazy and did not want to add content or repair what was posted.  Also, a lot of work things are occuring.

I have recently started my Azure Certification path.  That studying is keeping me busy.  Then in the last 6 months, I hear people heralding the greatness of Artificial intelligence (AI).  I am actually Bit afraid of that beast.  Mainly because I do not know it.  And, I do not interact with it.  It is difficult interacting with humans, then yet you add the Alien brain extraction into the mix.  It is so SCI FI right now. 

So, What Tech Projects have I worked on in the Interim?

In my home lab, I have followed other users path to use Free Hyper-V for virtualization.  Man that was a weekend of learning and getting to access it remotely.  Microsoft's tool Windows Admin Center saved the day there.  I dabbled with Proxmox on that same system.  But, for some odd reason it did not want to fully install.  So, I went back to Free Hyper-v.

I am currently going back in years and planning to build a Router out of my left over commodity off the shelf hardware.  I'll follow up on that later on the applications I am trying when time permits. But, it is PFSense, OPNSense and Vyos

The Trailer build progressed further, but not by much.

Signing off for the night

 

 

 

Powershell to Create New Active Directory Users, in New Domains from the Instance of an Existing User

Details

Written by: ken

Category: Uncategorised

Published: 12 April 2022

Hits: 1659

Category: Uncategorised

Published: Sunday, 01 October 2017 13:22

Written by Super User

Hits: 5329

Installment #1 2017-10-01

Have you ever wondered about Powershell and how to use it.  Well, My first introduction was four years back.  My first project with Powershell was to take users from one domain in the Microsoft Active Directory forest and create the user in another subdomain, and keep all the details and select attributes of the user.  Oh, and on top of all that identify those administrators being implemented in the new domain.  Well, I did just that except for the assigning administrator privileges using Powershell.  There is too many ways to assign users to different administrative groups.

Some of the requirements to Identify are:

-  How to create a secure temporary password for each individual and keep it random for each new account

- Identifying which domain to put the customer in

- Which organizational unit to add them too

- Oh, and how to grab the data of the existing user and re-create them in the new domain.

   -- We first had to identify which attributes we were going to use from the user account, and then figure out how to script it in such a way that you did not have to type anything once the script ran.  

a little thing happened along the way.  For a Powershell newbie, A Solution presented itself during the research.  You can clone the account and place it in the new domain.  Well not so fast cowboy, not all User Account attributes were compatible with the new domain.  So a little more research and googling helped to solve the those issues.

- So google helped me find a random password generator

- Helped find the methods needed to change the incompatible attributes

- Learning to code in Powershell is quite different than I remember how to code.  My last real coding was back in my High School days.  I just won't say how long ago that is.

So some Requirements analysis was required.  I learned some techniques to ask questions of how the code is going to be used?  Who is going to use it?  Do we deploy the new account with a secure password or an unsecure password.   The rest of the information fell in place during the coding process.  So you want to see the code now don't you.  Well, that will be in the next installment

 

Installment #2 2017-10-04

So the first thing I had to research was a random password generator that runs in powershell.  I figured the Powershell community had already solved this.  I just needed to find the simplest one and place it in a function statement.  I found the following from:

http://activedirectoryfaq.com/2017/08/creating-individual-random-passwords/
So I found this password generating script at the above URL.
It is quite effective at generating 8 character passwords.  I needed more
characters for my password length.  So I modified the Variable $password -Lenght parameter
to add more characters of each

function Get-RandomCharacters($length, $characters) {
    $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
    $private:ofs=""
    return [String]$characters[$random]
}
 
function Scramble-String([string]$inputString){     
    $characterArray = $inputString.ToCharArray()   
    $scrambledStringArray = $characterArray | Get-Random -Count $characterArray.Length     
    $outputString = -join $scrambledStringArray
    return $outputString
}
 
$password = Get-RandomCharacters -length 5 -characters 'abcdefghiklmnoprstuvwxyz'
$password += Get-RandomCharacters -length 5 -characters 'ABCDEFGHKLMNOPRSTUVWXYZ'
$password += Get-RandomCharacters -length 4 -characters '1234567890'
$password += Get-RandomCharacters -length 4 -characters '!"§$%&/()=?}][{@#*+'
 
Write-Host $password
 
$password = Scramble-String $password
 
Write-Host $password

 

but this seemed a bit long for me to add to the script.  I so Googled more and found that All I need was a portion of the above script and it ended being like this.

 

I was able to simplify the password generator for my needs as follows:

function Get-RandomPassword {
param(
 $length = 20,
     $characters ='abcdefghkmnprstuvwxyzABCDEFGHKLMNPRSTUVWXYZ123456789!~@"§$%&/()=?*+#_<>)('
            )
     # select random characters
     $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
     # output random pwd
     $private:ofs = ""
     [String]$characters[$random]
   }

 

Until next time

 Installment # 3 2017-10-6

So the next thing that Investigated was how to create the user.  Do I create them from scratch using the get-aduser and set-aduser?  But, I wanted something a little faster and I was reading that you could create user using the instance of another....Wow, going back to remembering what I learned and forgot.  So, I did a lot of research to e able to gather all the attributes and change them for the new domain.

 Oh, I wanted to add that  I had to learn how to accomplish error trapping, Using Catch and Try statements 

So I am providing the function I created for this task to get-aduser and create new-aduser -instance.  It provides much that is typically copied from a cloned account.  and you point to the Organizational Unit and Domain you want in the function by just manually modifying the parameter in the function statement.  Remember this is early work and there might be better ways to accomplish this.

 

 function Createnewuserdomain1 {
# Search and select the user to be used as template and create new account
      write-host "Provide the Last name we are using as template to copy properties from:" -foregroundcolor DarkRed -backgroundcolor white
      $username = read-host -prompt "provide Last Name" #search for user by using the input from this request
      
      # This function selects the user, filters users properties and passes the properties we want and forwards it new-aduser PowerShell commandlet
      $useraccount = Get-aduser -filter {sn -eq $username} -properties name,surname,givenname,description,displayname,emailaddress,city,office, `
      officephone,postalcode,state,streetaddress,office,officephone,pobox,accountnotdelegated,emailaddress,organization,department,title,company,manager |
      out-gridview -title "Select only one User account at a time" -passthru #used to select the user we want
                #create new user and place in desired ou
                $useraccount = @{
                instance = $useraccount;
                name = ($useraccount.surname + ", " + $useraccount.givenname + " " + "("+$accttype+")");  
                samaccountname = ("zz"+$accttype+$useraccount.samaccountname);
                DisplayName = ($useraccount.surname + ", " + $useraccount.givenname + " " + "("+$accttype+")");
                userprincipalname = (("zz"+$accttype+$useraccount.samaccountname) + This email address is being protected from spambots. You need JavaScript enabled to view it.'); #modify user principal name of account to new upn
                accountnotdelegated = $true;
                enabled = $true;
                #otherattribute = @{extensionattribute2 = 'zz'+$accttype1};
                smartcardlogonrequired = $false;
                changepasswordatlogon = $true;
                AccountPassword = (convertto-securestring -asplaintext Get-RandomPassword -Force);#(read-host -assecurestring "The Temporary password")
                path = "ou=created test users,dc=CMOTR,dc=com";
                server = "cmotr1dc1"} #domain controller of your choice
       $one_user= new-aduser @useraccount
       }

 Until next time

 

Installment #4 2017-12-31

It has been a while since I have added new stuff to this Web site.  I have played with more small pieces of Powershell Code at work.  I have been busy renovating a house and trying to spend time with family.

I have been researching various types of aftermarket Hybrid add-ons to my truck, such as Protean.  The market and technology is still fairly young.  When the Tech matures and becomes more cost effective then I can see an expansion of the tech.  I have been considering trying to build my own camping trailer using Lithium batteries as the only source of power for the trailer and solar cells to charge the Lithium batteries.  There is some work to into my thinking.  Some things like conventional heating in the camping trailer will still exist.  But, the Tesla Battery pack or some other Lithium source may be my options.  Packaging within the frame of the trailer is important

As you can see, Application Technology besides new technology work hand in hand to advance Tech in our life's....But, remember keep it innocuous; You don't want it to keep all your attention so you cannot visit with friends and family.  May the Love and Grace of God keep you in the new New Year, and may you spread family cheer.  Happy New Year. Keep Families strong. 

 

 <#
.  The script Creates new Privileged USer accounts from a Template

.  The script uses the get-aduser and new-aduser commandlets to create a new Privileged Account from the users Primary
   Domain account
   
.  This Script was finished by Ken Nielsen on 16 Feb 2015

.  The Error action for an existing account is caught using the $erroractionpreference = "inquire"
   The Error action for an invalid password is caught by the $erroractionpreference.  If you select the
   Continue option then the account is created and is immediately disbled per policy

#>
# The Measure command measures how fast an account is created from time the script is initiates
measure-command {
#Change the labeling and color of the powershell console
$host.ui.RawUI.BackgroundColor= "black"
$host.UI.RawUI.ForegroundColor= "white"
$host.ui.Rawui.Windowtitle= "Create Account Management"

#Error action to inquie and warn user of existing account
$erroractionpreference = "inquire"

function Createnewuserdomain1 {
# Search and select the user to be used as template and create new account
      write-host "Provide the Last name we are using as template to copy properties from:" -foregroundcolor DarkRed -backgroundcolor white
      $username = read-host -prompt "provide Last Name" #search for user by using the input from this request
      
      # This function selects the user, filters users properties and passes the properties we want and forwards it new-aduser PowerShell commandlet
      $useraccount = Get-aduser -filter {sn -eq $username} -properties name,surname,givenname,description,displayname,emailaddress,city,office, `
      officephone,postalcode,state,streetaddress,office,officephone,pobox,accountnotdelegated,emailaddress,organization,department,title,company,manager |
      out-gridview -title "Select only one User account at a time" -passthru #used to select the user we want
                #create new user and place in desired ou
                $useraccount = @{
                instance = $useraccount;
                name = ($useraccount.surname + ", " + $useraccount.givenname + " " + "("+$accttype+")");  
                samaccountname = ("zz"+$accttype+$useraccount.samaccountname);
                DisplayName = ($useraccount.surname + ", " + $useraccount.givenname + " " + "("+$accttype+")");
                userprincipalname = (("zz"+$accttype+$useraccount.samaccountname) + This email address is being protected from spambots. You need JavaScript enabled to view it.'); #modify user principal name of account to new upn
                accountnotdelegated = $true;
                enabled = $true;
                #otherattribute = @{extensionattribute2 = 'zz'+$accttype1};
                smartcardlogonrequired = $false;
                changepasswordatlogon = $true;
                AccountPassword = (convertto-securestring -asplaintext Get-RandomPassword -Force);#(read-host -assecurestring "The Temporary password")
                path = "ou=created test users,dc=CMOTR,dc=com";
                server = "cmotr1dc1"} #domain controller of your choice
       $one_user= new-aduser @useraccount
       }
            
function Createnewuserdoamain2 {
#select the user to be used as template and create new pam account
     write-host "Provide the Last name we are using as template to copy properties from:" -foregroundcolor DarkRed -backgroundcolor white
     $username = read-host -prompt "provide Last Name"

     $useraccount = Get-aduser -filter {sn -eq $username} -properties name,surname,givenname,description,displayname,emailaddress,city,office, `
     officephone,postalcode,state,streetaddress,office,officephone,pobox,accountnotdelegated,emailaddress,organization,department,title,company,manager |
     out-gridview -title "Select only one User account at a time" -passthru #used to select the user we want
                #create new user and place in desired ou
                $useraccount = @{
                instance = $useraccount;
                name = ($useraccount.surname + ", " + $useraccount.givenname + " " + "("+$accttype+")");  
                samaccountname = ($accttype+$useraccount.samaccountname);
                DisplayName = ($useraccount.surname + ", " + $useraccount.givenname + " " + "("+$accttype+")");
                userprincipalname = (($accttype+$useraccount.samaccountname) + This email address is being protected from spambots. You need JavaScript enabled to view it.');
                accountnotdelegated = $true;
                enabled = $true;
                #otherattribute = @{extensionattribute2 = 'zz'+$accttype1};
                smartcardlogonrequired = $false;
                changepasswordatlogon = $true;
                AccountPassword = (convertto-securestring -asplaintext Get-RandomPassword -Force);#(read-host -assecurestring "The Temporary password")
                path = "ou=created test users,dc=CMOTR,dc=com";
                server = "cmotr1dc1"} #domain controller of your choice
      $one_user= new-aduser @useraccount
      }

function Get-RandomPassword {
param(
 $length = 20,
     $characters ='abcdefghkmnprstuvwxyzABCDEFGHKLMNPRSTUVWXYZ123456789!~@"§$%&/()=?*+#_<>)('
            )
     # select random characters
     $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
     # output random pwd
     $private:ofs = ""
     [String]$characters[$random]
   }

# Loop to continue to create more accounts or not
$Pam_more = "Y"

import-module activedirectory
do {
    #limit user choices
    do {
        Write-host "Select an option for the type of account being created. Your only options are d1, 2, d3, or zz.  This script will conitnue to prompt for the correct repsonse, or until you press Control  + C" -foregroundcolor DarkRed -backgroundcolor white
        $accttype = read-host -prompt "Enter d1, 2, d3, or zz for one of the four types of accounts created"
        }
        until ($accttype -eq "d1" -or $accttype -eq "d2" -or $accttype -eq "d3" -or $accttype -eq "zz")

                
        switch ($accttype){
            d1 { Createnewuserdomain1 $accttype1 = "d1"}
            d2 { Createnewuserdomain2 $accttype1 = "d2"}
            #d3 { Createnewuserdomain3 $accttype1 = "d3"} for a third domain
            #zz { createnewzzuser} #{$accttype1 ="zz"} for a fourth domain
             }

            #from the switch command we call the defined functions above


            start-sleep -s 5 #used to allow the delivery of all parameters for new account
   
    $Pam_more = Read-host -prompt "Create another account (Y/N)"
    }
until ($Pam_more -eq "N")

}
start-sleep -s 5