What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Is it possible to monitor Active Directory User Account Status?

Votes:

0

I want to use a sensor to tell me when users in AD are locked out or disabled. Is there some way to do this using PRTG?

active-directory custom-script-exe custom-sensor powershell prtg

Created on Aug 27, 2013 1:40:42 PM by  Greg Campion [Paessler Support]

Last change on Mar 19, 2015 3:42:10 PM by  Martina Wittmann [Paessler Support]



25 Replies

Accepted Answer

Votes:

1

This article applies to PRTG Network Monitor 13 or later

Search AD-Account Custom Sensor

Using the code below in an EXE/Script Advanced sensor will allow you to query AD and find users that are locked out, disabled and more. The resulting users will be displayed in the last message field in PRTG telling you which accounts are specifically having issues.

Also, this code can be modified with different queries used with the Seach-ADAccount command. You can find the different switches in the article here on Microsoft's Technet.

Import-Module ActiveDirectory


$server=Search-ADAccount -AccountDisabled -UsersOnly | select SamAccountName
if ($server.count -eq $null -and $server -eq $null){
    $a=0
}
Elseif ($server.count -eq $null -and $server -ne $null){
    $a=1
}
Else
{
    $a=@($server.count)
    
}
Write-Host "<prtg>"
Write-Host "<result>" 
"<channel>Locked Out Users</channel>" 
    
"<value>"+ $a +"</value>" 
"</result>"
"<text>" + (($server | select SamAccountName | ConvertTo-Csv -NoTypeInformation | select -skip 1 ) -join ", ").replace("""","") + "</text>"
Write-Host "</prtg>"

NOTE: Please keep in mind that this will require the PRTG machine to have the Active Directory PS Module which can be installed following this guide.

Created on Aug 27, 2013 1:47:35 PM by  Greg Campion [Paessler Support]

Last change on Apr 4, 2019 7:30:43 AM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Is it then possible to show the "Last Message" on a map? I'm able to get the number of locked out users to display but can't seem to get the information in the Last Message to show on my map.

Created on Jan 7, 2016 7:05:48 PM



Votes:

0

Hello keisenbarth, thank you for your inquiry.

To display a Sensor's message on a Map, you'll need to utilize the specific map objects which display the message content, for example:

  • Status Icons > Sensor Message only (Transparent)
  • Status Icons > Sensor Message only (On white)
  • Status Icons > Sensor Message only on Status Related Background

There are several other objects which may display the sensor's message again, the objects listed above are an example.

Best Regards,

Created on Jan 11, 2016 6:47:39 AM by  Luciano Lingnau [Paessler]

Last change on Jan 11, 2016 6:47:53 AM by  Luciano Lingnau [Paessler]



Votes:

0

thanks a lot , i can get the number of locked user, but i want to get the name of locked user, is it possible? how?

Created on Dec 16, 2016 6:41:05 AM



Votes:

0

Hello there,

The resulting users will be displayed in the last message field in PRTG telling you which accounts are specifically having issues.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Dec 16, 2016 9:38:36 AM by  Luciano Lingnau [Paessler]



Votes:

0

This maybe a silly question, but where is the "last message" field. I've got the script working, and sensor reports when there's a locked user, but I can't for the life of me find the message field in the sensor (where I assume the name of the locked user would be).

Thanks Carl

Created on Jan 19, 2017 1:32:17 PM



Votes:

0

Hi there,

The message is displayed in the green sensor message bar, as displayed in the screenshot (just an example): Image

Best regards.

Created on Jan 19, 2017 1:50:11 PM by  Dariusz Gorka [Paessler Support]



Votes:

0

Thanks for that. For some reason I couldn't see the woods for the trees. Perhaps as the sensor was just "ok", so I didn't notice it, and was looking in the channel section below. I could see it on the map ok, but not in the sensor. Don't I feel a little dim now? :-)

Created on Jan 20, 2017 8:43:25 AM



Votes:

0

Hi,

It's okay, we all have bright and "not so" bright moments. :)

Created on Jan 20, 2017 8:53:42 AM by  Dariusz Gorka [Paessler Support]



Votes:

1

I have tried to add an change notification to this sensor, ie. Locked Out users changes from 4 to 5, then I would like to have an email notification. But this change trigge does not seem to work on this sensor?

Created on Mar 7, 2017 10:22:32 AM



Votes:

0

Dear Kjetil Skjold,
Please open a new support ticket for that and forward us some screenshots of the sensor. We need the tabs Overview, Log, Notifications and Settings and also a screenshot from the parent-device (tab Settings).

Thank you very much in advance.

Best regards,
Sven

Created on Mar 7, 2017 12:15:40 PM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Hey there. Does the Probe server need to run on the same Server as the locked out sensor is running ? What to change in the PS, if the DC Server is in a group under the Probe Server ? I know there is Locked out user, but the sensor is green and says (OK). Best regards Jan

Created on Jun 20, 2017 8:38:35 AM



Votes:

0

Hey Jan,

Thank you for your KB-posting.

  • Does the Probe server need to run on the same Server as the locked out sensor is running ? The sensor needs to run on a probe device (Local Probe or Remote Probe) which is member of the very same domain as the target server is.
  • What to change in the PS, if the DC Server is in a group under the Probe Server ? There is no need to change anything in the PS script.

To analyze if you have all necessary modules installed, please open a PowerShell Console with administrative rights on the corresponding Probe Device and run the following two commands:

Import-Module ActiveDirectory
Search-ADAccount -AccountDisabled -UsersOnly | select SamAccountName

Do you get any error message?

  • I know there is Locked out user, but the sensor is green and says (OK). The sensors stays green as it returns a valid value from the script. So, actually, the sensor state shows if the script is working properly.

If you want to change the sensor to error state in case of 1, 2, 3, 4, ... locked users, simply configure Limits to the Locked Out Users channel.

Best regards,
Sven

Created on Jun 21, 2017 8:28:26 AM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

For me the Sensor is always Green. I did a few tests and locked out some accounts, but the sensor stays green. It does not detect lockouts. Says 0 all the time. Been running it for a few weeks and has always said 0 even though I know that there has been lockouts... not sure what is going on.

Created on Jul 27, 2017 5:57:09 PM



Votes:

0

Hey Manny,

Please forward us a Support Bundle including the system log files for analysis.This can be done via the "Contact Support" ribbon in the lower right corner of the web interface.

Please enter this ticket's case number PAE900955 when submitting the Bundle.

Additionally, please head to the sensor settings and enable the option Sensor Result >> Write sensor result to disk (...). Afterwards, please forward us all (up to three) result files from the sensor. You should find these files under C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Sensors).

Also, please forward us screenshots of one of the affected sensors (tabs: Overview, Log and Settings) and from the parent device (tab: Settings).

Thank you very much in advance.

Kind regards,
Sven

Created on Jul 28, 2017 6:25:49 AM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Hi Sven,

Thanks for that. I have submitted the bundle, but I did not see an option to attach the screenshots and log. I'll reply to your email if I see one.

Thanks

Created on Aug 1, 2017 12:26:30 AM



Votes:

0

I am running this sensor on a Windows 2008 R2 Host. The host is where the PRTG Remote Probe is install. I have installed the AD powershell tools through the Server Manager Features. The sensor is returning the following warning/error:

XML: The returned xml does not match the expected schema. (code: PE233) -- JSON: The returned json does not match the expected structure (Invalid JSON.). (code: PE231)

Any assistance?

Created on Sep 21, 2017 7:23:52 PM

Last change on Apr 30, 2018 10:08:33 AM by  Luciano Lingnau [Paessler]



Votes:

0

Any suggestions how I could filter the monitor users in 1 OU?

Created on Jun 10, 2021 9:15:40 PM



Votes:

0

Simply adjust the following line:

$server=Search-ADAccount -AccountDisabled -UsersOnly | select SamAccountName

Use the following webpage for details:

https://docs.microsoft.com/en-us/powershell/module/activedirectory/search-adaccount?view=windowsserver2019-pshttps://docs.microsoft.com/en-us/powershell/module/activedirectory/search-adaccount?view=windowsserver2019-ps

You likely want to add the parameter -SearchBase

Regards

Florian Rossmark

www.it-admins.com

Created on Jun 11, 2021 1:24:20 PM



Votes:

0

Hi everyone,

please pay attention, it seems some of you are mixing up disabled vs. locked accounts:

Disabled accounts: Search-ADAccount -AccountDisabled

LockedOut acccounts: Search-ADAccount -LockedOut

Regards, Daniel

Created on Jul 14, 2021 1:31:26 PM



Votes:

0

hi,

i got the problem, that every value was null. if someone has the same problem, just install AD Module for PowerShell via ServerManger

Regards, Rene

Created on Aug 12, 2021 12:04:54 PM



Votes:

0

When I attempt to add the sensor to the probe device, it returns the value but does not add a "Locked User" channel as well as it remains in alarm with a value of 0. Any thoughts?

Created on Aug 27, 2021 12:01:20 PM



Votes:

0

All works fine, but is it possible to format the output for maps? It would be great that every returned value would be in one line - in example

user1 user2 user3 ...

Created on Jan 20, 2022 9:58:31 AM



Votes:

0

I have installed the script but it is always green with value 0. How can I give a value other than 0 to know that there is an error?

Created on May 4, 2022 10:45:14 AM



Votes:

0

Hello Eulises,

Thank you for your message.

Regarding the issue you are facing, can you make sure that you are running the latest version of PRTG and provide me the following information:

  • Is the PowerShell module installed in 32bit?
  • When you execute the script manually via the PowerShell console (x86), does it work properly?
  • Which account do you use to execute the script (parameter Security Context in the sensor Settings tab)
  • Is the PowerShell security enhancement feature enabled under Setup > System Administration > Monitoring | Experimental Features ?

I also invite you to replace the Write-Host commands in the script with Write-Output as indicated below:

Write-Output @"
<prtg>
<result>
<channel>Locked Out Users</channel>
<value>$a</value>
</result>
<text>$((($server | select SamAccountName | ConvertTo-Csv -NoTypeInformation | select -skip 1 ) -join ", ").replace("""",""))</text>
</prtg>
"@

Regards.

Created on May 9, 2022 10:16:32 AM by  Florian Lesage [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.