Submitted By: Eric Payne

Checks for locked-out user accounts in a specified Active Directory OU (and any sub-OUs). If a locked account is found the script creates an event that can be identified by a MOM event rule.

'#####================================================================================ 
'## Title: ADAccountLockedOutByOU.vbs
'## Author: Eric Payne 
'## Client\Company: xxxx
'## Date: 10/16/2006
'##		
'## Purpose: 
'##		1. Recursively loops through each OU passed in and checks whether any AD user account(s) 
'##        are locked out. If an account is found to be locked out, the script creates an event to 
'##        be picked up by a MOM event rule so that an alert is raised.
'##					 
'## Requirements:
'##		1. Mom Script Parameter of "OU"
'##        Example: "LDAP://OU=Service Accounts,OU=USA,DC=Domain,DC=com"
'##        Note: You can supply multiple OUs separated by semicolons
'##
'##	Issues: 
'##		1. 
'##		
'##	Revisions:
'##		1.
'##		
'##	To Do Items: 
'##		1. 
'##		2. 
'##		3. 
'##
'## Basic Logic: 
'##		1. Set internal variables based on passed in parameters
'##		2. Loop through Each OU
'##		4. Check to see if user account is locked out
'#####================================================================================ 

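'Keep the script running after a failure; every risky step below checks Err
'explicitly so that a failure is turned into an event instead of being lost.
On Error Resume Next

'Declarations
Dim objParams			'Object holding the MOM script parameters

Dim strOU				'ADsPath of one Organizational Unit
Dim strOUs				'Raw "OU" parameter: one or more ADsPaths separated by ";"

Dim arrOUs				'Array of OU ADsPaths
Dim intOUsChecked		'Number of non-empty OU entries that were handed to ListUsers

'Event Type constants
Const EVENT_TYPE_ERROR = 1	
Const EVENT_TYPE_WARNING = 2
Const EVENT_TYPE_INFORMATION = 4

'## (1) Set variables ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
Set objParams = ScriptContext.Parameters
strOUs = objParams.Get("OU")

'Testing:
'strOUs = "LDAP://OU=Service Accounts,OU=USA,DC=Domain,DC=com"

'Fill arrOUs with the OUs passed in. Split returns a one-element array when there is
'no ";" and an empty array for an empty string; & "" turns an unset value into "".
arrOUs = Split(strOUs & "", ";")

'## (2) Loop through each OU ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
intOUsChecked = 0
For Each strOU In arrOUs
	'Tolerate "OU1; OU2" and a trailing ";" in the parameter
	strOU = Trim(strOU)
	If Len(strOU) > 0 Then
		intOUsChecked = intOUsChecked + 1

		'Start each OU with a clean Err so a failure is attributed to the right OU
		Err.Clear
		ListUsers strOU

		'An OU that cannot be bound or enumerated is an OU whose lockouts are not being
		'watched, so report it by name rather than only the last error at script end.
		If Err.Number <> 0 Then
			CreateEvent 1002,EVENT_TYPE_ERROR,"ADAccountLockedOut",Err.Number & " " & Err.Description & " (OU: " & strOU & ")"
			Err.Clear
		End If
	End If
Next

'A run that checked nothing must not look like a clean run
If intOUsChecked = 0 Then
	CreateEvent 1002,EVENT_TYPE_ERROR,"ADAccountLockedOut","No OU to check: the ""OU"" script parameter is empty or could not be read"
End If

'Any error still pending here was raised outside the per-OU loop (e.g. reading the parameter)
if err <> 0 then CreateEvent 1002,EVENT_TYPE_ERROR,"ADAccountLockedOut",err.number & " " & err.Description 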

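Sub ListUsers(OU)
	'Purpose: Bind to the container at ADsPath OU, raise event 1001 for every enabled
	'         user object whose IsAccountLocked is true, and recurse into child OUs.
	'Params:  OU - ADsPath of the container, e.g. "LDAP://OU=...,DC=...".
	'Errors:  Bind and property-read failures are reported as event 1002 and the scan
	'         continues, so one unreadable object or sub-OU does not silently end the
	'         check for the rest of the tree.
	'NOTE(review): IsAccountLocked read through the LDAP provider has been reported as
	'         unreliable on some ADSI/domain controller versions - confirm in the target
	'         environment (for example by comparing with lockoutTime) before relying on it.
	Dim colUsers, objItem
	Dim strClass, strName, strChildPath
	Dim blnDisabled, blnLocked

	'Error handling is per procedure in VBScript; without this an error here unwinds
	'through every recursion level back to the caller and abandons the whole scan.
	On Error Resume Next

	Set colUsers = GetObject(OU)
	If Err.Number <> 0 Then
		CreateEvent 1002,EVENT_TYPE_ERROR,"ADAccountLockedOut",Err.Number & " " & Err.Description & " (OU: " & OU & ")"
		Err.Clear
		Exit Sub
	End If

	For Each objItem In colUsers
		'Do not let an error from the previous object leak into this one
		Err.Clear
		strClass = ""
		strClass = objItem.Class

		If Err.Number <> 0 Then
			CreateEvent 1002,EVENT_TYPE_ERROR,"ADAccountLockedOut",Err.Number & " " & Err.Description & " (reading object class under OU: " & OU & ")"
			Err.Clear
		ElseIf strClass = "user" Then
			'Read the properties into variables first: under On Error Resume Next a
			'failing property read inside an If condition would fall into the Then
			'branch and produce a false "locked out" event.
			blnDisabled = objItem.AccountDisabled
			blnLocked = objItem.IsAccountLocked
			strName = objItem.Name

			If Err.Number <> 0 Then
				CreateEvent 1002,EVENT_TYPE_ERROR,"ADAccountLockedOut",Err.Number & " " & Err.Description & " (reading account state under OU: " & OU & ")"
				Err.Clear
			ElseIf Not blnDisabled Then
				'Disabled accounts are skipped, as in the original check
				If blnLocked Then
					CreateEvent 1001,EVENT_TYPE_ERROR,"ADAccountLockedOut",strName & " account is locked out"
				End If
			End If
		ElseIf strClass = "organizationalUnit" Then
			'Only child OUs are followed; other container classes are not descended into
			strChildPath = objItem.ADsPath
			If Err.Number <> 0 Then
				CreateEvent 1002,EVENT_TYPE_ERROR,"ADAccountLockedOut",Err.Number & " " & Err.Description & " (reading child OU path under OU: " & OU & ")"
				Err.Clear
			Else
				ListUsers strChildPath
			End If
		End If
	Next
End Sub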

Sub CreateEvent(intEventNumber,intEventType,strEventSource,strEventMessage)
	'Purpose: Build a MOM event from the four values passed in and submit it through
	'         ScriptContext so that an event rule can match on it.
	'Params:  intEventNumber  - event number to set on the event
	'         intEventType    - event type value (the script passes EVENT_TYPE_ERROR)
	'         strEventSource  - event source string
	'         strEventMessage - message text of the event
	Dim objNewEvent

	Set objNewEvent = ScriptContext.CreateEvent()
	With objNewEvent
		.EventSource = strEventSource
		.EventNumber = intEventNumber
		.EventType = intEventType
		.Message = strEventMessage
	End With

	ScriptContext.Submit objNewEvent
End Sub