New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Is it possible to monitor Active Directory User Account Status?

Votes:

0

Your Vote:

Up

Down

I want to use a sensor to tell me when users in AD are locked out or disabled. Is there some way to do this using PRTG?

active-directory custom-script-exe custom-sensor powershell prtg

Created on Aug 27, 2013 1:40:42 PM by  Greg Campion [Paessler Support]

Last change on Mar 19, 2015 3:42:10 PM by  Martina Wittmann [Paessler Support]



17 Replies

Accepted Answer

Votes:

1

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 13 or later

Search AD-Account Custom Sensor

Using the code below in an EXE/Script Advanced sensor will allow you to query AD and find users that are locked out, disabled and more. The resulting users will be displayed in the last message field in PRTG telling you which accounts are specifically having issues.

Also, this code can be modified with different queries used with the Seach-ADAccount command. You can find the different switches in the article here on Microsoft's Technet.

Import-Module ActiveDirectory


$server=Search-ADAccount -AccountDisabled -UsersOnly | select SamAccountName
if ($server.count -eq $null -and $server -eq $null){
    $a=0
}
Elseif ($server.count -eq $null -and $server -ne $null){
    $a=1
}
Else
{
    $a=@($server.count)
    
}
Write-Host "<prtg>"
Write-Host "<result>" 
"<channel>Locked Out Users</channel>" 
    
"<value>"+ $a +"</value>" 
"</result>"
"<text>" + (($server | select SamAccountName | ConvertTo-Csv -NoTypeInformation | select -skip 1 ) -join ", ").replace("""","") + "</text>"
Write-Host "</prtg>"

NOTE: Please keep in mind that this will require the PRTG machine to have the Active Directory PS Module which can be installed following this guide.

Created on Aug 27, 2013 1:47:35 PM by  Greg Campion [Paessler Support]

Last change on Apr 4, 2019 7:30:43 AM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Your Vote:

Up

Down

Is it then possible to show the "Last Message" on a map? I'm able to get the number of locked out users to display but can't seem to get the information in the Last Message to show on my map.

Created on Jan 7, 2016 7:05:48 PM by  keisenbarth (0)



Votes:

0

Your Vote:

Up

Down

Hello keisenbarth, thank you for your inquiry.

To display a Sensor's message on a Map, you'll need to utilize the specific map objects which display the message content, for example:

  • Status Icons > Sensor Message only (Transparent)
  • Status Icons > Sensor Message only (On white)
  • Status Icons > Sensor Message only on Status Related Background

There are several other objects which may display the sensor's message again, the objects listed above are an example.

Best Regards,

Created on Jan 11, 2016 6:47:39 AM by  Luciano Lingnau [Paessler Support]

Last change on Jan 11, 2016 6:47:53 AM by  Luciano Lingnau [Paessler Support]



Votes:

0

Your Vote:

Up

Down

thanks a lot , i can get the number of locked user, but i want to get the name of locked user, is it possible? how?

Created on Dec 16, 2016 6:41:05 AM by  tamelar88 (0)



Votes:

0

Your Vote:

Up

Down

Hello there,

The resulting users will be displayed in the last message field in PRTG telling you which accounts are specifically having issues.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Dec 16, 2016 9:38:36 AM by  Luciano Lingnau [Paessler Support]



Votes:

0

Your Vote:

Up

Down

This maybe a silly question, but where is the "last message" field. I've got the script working, and sensor reports when there's a locked user, but I can't for the life of me find the message field in the sensor (where I assume the name of the locked user would be).

Thanks Carl

Created on Jan 19, 2017 1:32:17 PM by  Griff (0)



Votes:

0

Your Vote:

Up

Down

Hi there,

The message is displayed in the green sensor message bar, as displayed in the screenshot (just an example): Image

Best regards.

Created on Jan 19, 2017 1:50:11 PM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Thanks for that. For some reason I couldn't see the woods for the trees. Perhaps as the sensor was just "ok", so I didn't notice it, and was looking in the channel section below. I could see it on the map ok, but not in the sensor. Don't I feel a little dim now? :-)

Created on Jan 20, 2017 8:43:25 AM by  Griff (0)



Votes:

0

Your Vote:

Up

Down

Hi,

It's okay, we all have bright and "not so" bright moments. :)

Created on Jan 20, 2017 8:53:42 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I have tried to add an change notification to this sensor, ie. Locked Out users changes from 4 to 5, then I would like to have an email notification. But this change trigge does not seem to work on this sensor?

Created on Mar 7, 2017 10:22:32 AM by  Kjetil Skjold (10)



Votes:

0

Your Vote:

Up

Down

Dear Kjetil Skjold,
Please open a new support ticket for that and forward us some screenshots of the sensor. We need the tabs Overview, Log, Notifications and Settings and also a screenshot from the parent-device (tab Settings).

Thank you very much in advance.

Best regards,
Sven

Created on Mar 7, 2017 12:15:40 PM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Your Vote:

Up

Down

Hey there. Does the Probe server need to run on the same Server as the locked out sensor is running ? What to change in the PS, if the DC Server is in a group under the Probe Server ? I know there is Locked out user, but the sensor is green and says (OK). Best regards Jan

Created on Jun 20, 2017 8:38:35 AM by  Jan Iversen (0) 1



Votes:

0

Your Vote:

Up

Down

Hey Jan,

Thank you for your KB-posting.

  • Does the Probe server need to run on the same Server as the locked out sensor is running ? The sensor needs to run on a probe device (Local Probe or Remote Probe) which is member of the very same domain as the target server is.
  • What to change in the PS, if the DC Server is in a group under the Probe Server ? There is no need to change anything in the PS script.

To analyze if you have all necessary modules installed, please open a PowerShell Console with administrative rights on the corresponding Probe Device and run the following two commands:

Import-Module ActiveDirectory
Search-ADAccount -AccountDisabled -UsersOnly | select SamAccountName

Do you get any error message?

  • I know there is Locked out user, but the sensor is green and says (OK). The sensors stays green as it returns a valid value from the script. So, actually, the sensor state shows if the script is working properly.

If you want to change the sensor to error state in case of 1, 2, 3, 4, ... locked users, simply configure Limits to the Locked Out Users channel.

Best regards,
Sven

Created on Jun 21, 2017 8:28:26 AM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Your Vote:

Up

Down

For me the Sensor is always Green. I did a few tests and locked out some accounts, but the sensor stays green. It does not detect lockouts. Says 0 all the time. Been running it for a few weeks and has always said 0 even though I know that there has been lockouts... not sure what is going on.

Created on Jul 27, 2017 5:57:09 PM by  MannyL (0) 1



Votes:

0

Your Vote:

Up

Down

Hey Manny,

Please forward us a Support Bundle including the system log files for analysis.This can be done via the "Contact Support" ribbon in the lower right corner of the web interface.

Please enter this ticket's case number PAE900955 when submitting the Bundle.

Additionally, please head to the sensor settings and enable the option Sensor Result >> Write sensor result to disk (...). Afterwards, please forward us all (up to three) result files from the sensor. You should find these files under C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Sensors).

Also, please forward us screenshots of one of the affected sensors (tabs: Overview, Log and Settings) and from the parent device (tab: Settings).

Thank you very much in advance.

Kind regards,
Sven

Created on Jul 28, 2017 6:25:49 AM by  Sven Roggenhofer [Paessler Technical Support]



Votes:

0

Your Vote:

Up

Down

Hi Sven,

Thanks for that. I have submitted the bundle, but I did not see an option to attach the screenshots and log. I'll reply to your email if I see one.

Thanks

Created on Aug 1, 2017 12:26:30 AM by  MannyL (0) 1



Votes:

0

Your Vote:

Up

Down

I am running this sensor on a Windows 2008 R2 Host. The host is where the PRTG Remote Probe is install. I have installed the AD powershell tools through the Server Manager Features. The sensor is returning the following warning/error:

XML: The returned xml does not match the expected schema. (code: PE233) -- JSON: The returned json does not match the expected structure (Invalid JSON.). (code: PE231)

Any assistance?

Created on Sep 21, 2017 7:23:52 PM by  jeff_dacom (0)

Last change on Apr 30, 2018 10:08:33 AM by  Luciano Lingnau [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.