Hi all,
Been looking through the forums but have not found a way yet to achieve the following;
- I have a custom sensor which checks for blocked users with powershell, works great - I would like to send some kind of http(s) request to the prtg server which will run another powershell script to unlock the locked user, but only on demand, not automated.
The scripts are easy and already created and tested, see below. Thanks for any help in advance.
lockedusers.ps1:
Import-Module ActiveDirectory
$server=Search-ADAccount -Lockedout -UsersOnly | select SamAccountName
if ($server.count -eq $null -and $server -eq $null){
$a=0
}
Elseif ($server.count -eq $null -and $server -ne $null){
$a=1
}
Else
{
$a=@($server.count)
}
Write-Host "<prtg>"
Write-Host "<result>"
"<channel>Locked Out Users</channel>"
"<value>"+ $a +"</value>"
"</result>"
"<text>" + (($server | select SamAccountName | ConvertTo-Csv -NoTypeInformation | select -skip 1 ) -join ", ").replace("""","") + "</text>"
Write-Host "</prtg>"
unlock.ps1:
Search-ADAccount -LockedOut | Unlock-ADAccount
Article Comments
Followed your suggestion. Log shows : Threshold Trigger sending Email,EXE (Sensor/Source/ID: 3500/3500/1).
But the locked account is still locked afterwards. Suggestions?
Jun, 2015 - Permalink
I configured it this way, I can see how it should work. I do see that my script is being called but the account is not unlocked. Where can i find the logging on the script?
HTTP Push Data Advanced BETA Unlock On Demand Notification Info Threshold Trigger sending Email,EXE (Sensor/Source/ID: 3500/3500/1)
Should testing the notification also run the exe? I think so right? But thats not working either. Running the script through powershell on the probe does work... Any clue for me?
Jun, 2015 - Permalink
Testing it should work as well, given that the parameters are correct and that the script works when executing on the command line - is that the case? Can you paste the parameters configured?
Jun, 2015 - Permalink
The script on its own should simply unlock all locked users, i wouldnt know what parameter to pass;
Import-Module ActiveDirectory Search-ADAccount -LockedOut | Unlock-ADAccount
When executing powershell.exe -File "c:\Program Files (x86)\PRTG Network Monitor\Notifications\EXE\og-unlock_users.ps1" it works just fine...
Jun, 2015 - Permalink
Fair enough - is the PRTG service running as a different user without administrative permissions?
Jun, 2015 - Permalink
Supplying another account in the custom notification fixed the issue. Thanks for setting me on the correct path! It works like a charm now. Using iControl web I can now unlock user accounts from my Apple watch like any lazy admin should want :)
Jun, 2015 - Permalink
Have a look at the HTTP Push Data (Advanced) sensor - configure the script to run as notification when the sensor receives a certain value and pass the data to the notification :)
Jun, 2015 - Permalink