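EventID 4740 report using PowerShell, suppressing email delivery if empty

Time: 2017-01-16 21:32:50

Tags: powershell

I have a script that gets all the information from the security log with event ID 4740. It then creates an HTML report and emails it. What I want to do is exit the script if there is no data returned from $event.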

# Created by Brad Tostenson 1/13/17
# This script will gather all the events with event ID 4740 (Account Locked Out)
# creates a report in HTML and emails it to the System Admins as the body
# of the email.

# Variable that sets the report's temporary location
$LockedOut= "c:\temp\LockedOut.html"

# Setup date
$Date = Get-Date

# Sets up the report 
$HTML=@" 
<title>Account locked out Report</title> 
<!--mce:0--> 
"@ 

# Setup variables for the information to go under the headers in the report 
$Account_Name = @{n='Account Name';e={$_.ReplacementStrings[-1]}} 
$Account_domain = @{n='Account Domain';e={$_.ReplacementStrings[-2]}} 
$Caller_Computer_Name = @{n='Caller Computer Name';e={$_.ReplacementStrings[-1]}} 

# Pulls the information from the log
$event = Get-EventLog -LogName Security -InstanceId 4740 -after $date.AddHours(-24) | 
   Select TimeGenerated,ReplacementStrings,"Account Name","Account Domain","Caller Computer Name" | 
   % { 
     New-Object PSObject -Property @{ 
      "Account Name" = $_.ReplacementStrings[-7] 
      "Account Domain" = $_.ReplacementStrings[5] 
      "Caller Computer Name" = $_.ReplacementStrings[1] 
      Date = $_.TimeGenerated 
    } 
   } 

  $event | ConvertTo-Html -Property "Account Name","Account Domain","Caller Computer Name",Date -head $HTML -body  "<H2> The Following User Accounts Were Locked In Active Directory</H2>"| 
     Out-File $LockedOut -Append 

# Takes the report and adds the information to the body of the email and sends it to the System Admins 
$MailBody= Get-Content $LockedOut 
$MailSubject= "Account Lock Report" 
$SmtpClient = New-Object system.net.mail.smtpClient 
$SmtpClient.host = "smtp.ourdomain.com" 
$MailMessage = New-Object system.net.mail.mailmessage 
$MailMessage.from = "LockedOut@ourdomain.com" 
$MailMessage.To.add("email@ourdomain.com") 
$MailMessage.Subject = $MailSubject 
$MailMessage.IsBodyHtml = 1 
$MailMessage.Body = $MailBody 
$SmtpClient.Send($MailMessage) 

del c:\temp\LockedOut.html

1 Answer:

Answer 0: (score: 2)

If Get-EventLog returns no data, I don't see why $event wouldn't be null, and the boolean value of null is false. That means you can do this:

if (!$event) { exit }    

Or, if it makes more sense, you can do this:

if ($event) {

    $event | ConvertTo-Html -Property "Account Name","Account Domain","Caller Computer Name",Date -head $HTML -body  "<H2> The Following User Accounts Were Locked In Active Directory</H2>"| 
        Out-File $LockedOut -Append 

    # Takes the report and adds the information to the body of the email and sends it to the System Admins 
    $MailBody= Get-Content $LockedOut 
    $MailSubject= "Account Lock Report" 
    $SmtpClient = New-Object system.net.mail.smtpClient 
    $SmtpClient.host = "smtp.ourdomain.com" 
    $MailMessage = New-Object system.net.mail.mailmessage 
    $MailMessage.from = "LockedOut@ourdomain.com" 
    $MailMessage.To.add("email@ourdomain.com") 
    $MailMessage.Subject = $MailSubject 
    $MailMessage.IsBodyHtml = 1 
    $MailMessage.Body = $MailBody 
    $SmtpClient.Send($MailMessage) 

    del c:\temp\LockedOut.html

}

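Also, you may want to look at using the Send-MailMessage cmdlet. It's much simpler for what you're doing.

You technically don't need the $LockedOut file at all, but I'm guessing you're using it in case the network goes down or the email fails for some reason.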
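
The answer's three suggestions combined (empty-result guard, Send-MailMessage, no temporary file), as an added example that is not part of the original question or answer. The function names and the constructed sample event are assumptions; the SMTP host and addresses are the placeholders from the question.

```powershell
# Added example: build the 4740 lockout report in memory and mail it only
# when at least one event was found.

function Get-LockoutRows {
    param([object[]]$Events)
    # Same ReplacementStrings indexes the question's script uses.
    foreach ($e in $Events) {
        [pscustomobject]@{
            'Account Name'         = $e.ReplacementStrings[-7]
            'Account Domain'       = $e.ReplacementStrings[5]
            'Caller Computer Name' = $e.ReplacementStrings[1]
            Date                   = $e.TimeGenerated
        }
    }
}

function Send-LockoutReport {
    [CmdletBinding(SupportsShouldProcess)]
    param([object[]]$Events)

    # @() makes the count reliable for zero, one or many events.
    $rows = @(Get-LockoutRows $Events)
    if ($rows.Count -eq 0) { return $false }   # nothing locked out: no mail

    $body = $rows |
        ConvertTo-Html -Property 'Account Name','Account Domain','Caller Computer Name',Date `
            -Head '<title>Account locked out Report</title>' `
            -Body '<H2>The Following User Accounts Were Locked In Active Directory</H2>' |
        Out-String

    if ($PSCmdlet.ShouldProcess('email@ourdomain.com', 'Send lockout report')) {
        Send-MailMessage -SmtpServer 'smtp.ourdomain.com' -From 'LockedOut@ourdomain.com' `
            -To 'email@ourdomain.com' -Subject 'Account Lock Report' `
            -Body $body -BodyAsHtml -ErrorAction Stop
    }
    return $true
}

# Constructed sample event (not real log data); -WhatIf skips the actual send.
$sample = [pscustomobject]@{
    TimeGenerated      = Get-Date
    ReplacementStrings = 'jdoe','WKSTN01','S-1-5-21-0-0-0-1001','S-1-5-18','DC01$','OURDOMAIN','0x3e7'
}
Send-LockoutReport -Events $sample -WhatIf   # builds the report, returns $true
Send-LockoutReport -Events $null   -WhatIf   # no events, returns $false

# Production use: query the last 24 hours, then pass the result in.
# $events = Get-EventLog -LogName Security -InstanceId 4740 -After (Get-Date).AddHours(-24) -ErrorAction SilentlyContinue
# Send-LockoutReport -Events $events
```

With `-ErrorAction Stop` on Send-MailMessage, a failed delivery surfaces as a terminating error that the calling scheduled task can log, instead of the report being lost silently.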