we had user lockouts due to expired passwords for end users, 

this script searches the exchange servers iis logs for events by the user and error type 401 due to bad password

it asks input for servername, username to search for and what user to send the log

it attaches a log and sends the user thus a simple search can pinpoint what device and what time that user have issues and a simple summary can help out with the problem

 

a preview of the script as below

PowerShell
Edit|Remove
$time = (Get-Date).AddDays(-1) 
#$time = (Get-Date).Addhours(-2) 
$username = read-host "UserName" 
$server = read-host "Exchange ServerName" 
$mailuserread-host "Mail result to username" 
$mailtouser =get-aduser $mailuser -Properties * |select mail -ExpandProperty mail 
Get-ChildItem -Recurse -Path \\$server\c$\inetpub\logs\LogFiles | Where-Object {$_.LastWriteTime -gt $time| Select-String -pattern "($username.*401)" | Out-String -Stream | Select-String '.*' | Select-Object Line | out-file -append "\\savetoserver\d$\Logs\$username.txt" 
 
#$path = "\\savetoserver\d$\Logs\$username.csv" 
#(Get-Content $path -Raw).Replace("`r`n","") | Set-Content \\savetoserver\d$\Logs\$username_replaced.csv 
 
$smtp = read-host "SMTP Server" 
  
$to = $mailtouser 
$destination ="\\savetoserver\d$\Logs\$username.txt" 
  
$from = "lockout_log@skanska.se"  
  
$subject = "LockOut Log from $server for $username"   
  
$body = "Hello! <b><font color=black></b></font> <br>"  
  
$body +"Please check the report for 401 errors for user $username <br>"  
  
$body +"Sincerely,<br>The Global Directory Services Team<br>"  
$attachemnt =