-1

So we've been using this PS script for a while and it was working fine until we migrated the domain controllers. The new domain controllers are running core Microsoft Windows Server 2019 Datacenter. We have 2 domain controllers and both are enabled in Task Scheduler. But for some reason the script is working intermittently. Sometimes it sends out the alerts, other times it doesn't. And I can't figure out what the issue is exactly.

This is the script I have:


```powershell
#################################################################

#Declare variables to be used for the Email
$MailSubject= “User Account locked out”
$MailFrom=”ourdomaincontroller1@ourdomain.com”
$MailTo=”ourITmailbox@ourdomain.com”

#Gets the Event Log that contains the most recent lockout event
$Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1

#Creates a variable which contains the contents of the lockout event log. This is used for the actual message in the email
$MailBody= $Event.Message + “`r`n`t” + $Event.TimeGenerated

#Creates an SMTP Object and assigns an SMTP Address
$SmtpClient = New-Object system.net.mail.smtpClient
$SmtpClient.host = “our-adconnect.ourdomain.local”

#Creates a new Mail Message Object. This is the object needed for the addressing email, subject, body, etc
$MailMessage = New-Object system.net.mail.mailmessage
$MailMessage.from = $MailFrom
$MailMessage.To.add($MailTo)
$MailMessage.IsBodyHtml = 0
$MailMessage.Subject = $MailSubject
$MailMessage.Body = $MailBody

#Actually Sends the Message
$SmtpClient.Send($MailMessage)
```
imaxt
  • My guess would be the adconnect SMTP host is causing an exception. Hard to know without any logging or other details. At a minimum this needs to be in a try catch finally and log before/after and when an exception occurs. – Greg Askew Feb 08 '23 at 18:59
  • When I comment out this: $Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 And put a string in the mailbody $MailBody= "Test" The script works. So the issue is probably the script? – imaxt Feb 09 '23 at 10:21
  • Are there 4740 events present in the Security event log and the Get-EventLog is not returning the event? Or are you saying it works from the command prompt but not in a script? – Greg Askew Feb 09 '23 at 10:30
  • Yes there are 4740 events present on the dc server. And the way I tested the script was manually by simply right-click > run in Powershell via the file browser. – imaxt Feb 09 '23 at 10:47
  • If you run the single/one Get-EventLog command manually from the command prompt, does it return the expected result? – Greg Askew Feb 09 '23 at 10:57
  • Yes ```PS C:\Windows\system32> Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 Index Time EntryType Source InstanceID Message ----- ---- --------- ------ ---------- ------- 46852615 Feb 09 11:01 SuccessA... Microsoft-Windows... 4740 A user account was locked out....``` – imaxt Feb 09 '23 at 11:22
  • You obviously need to add logging to the script. After each line if necessary. No point in guessing about what is happening. Also replace the smart quotes (“ ”) that were copied and pasted from the Internet with regular quotes ("). – Greg Askew Feb 09 '23 at 13:17
  • Script has been working with the old DC which was running full version of Windows Server 2016 for years now. Maybe it's a limitation of 2019 core and scheduling it over the Windows Admin Portal. – imaxt Feb 09 '23 at 23:10
  • Then don't add logging. – Greg Askew Feb 10 '23 at 10:19
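
One way to apply the logging and try/catch/finally advice from the comments above to the question's script (an added example, not code from either poster). The log path, the `Write-Log` helper and the `$LockoutEvent` variable name are assumptions; the mail addresses and SMTP host are the question's placeholders.

```powershell
# Added example: lockout alert with per-step logging and error handling.
# $LogFile is a hypothetical path; adjust to a folder the task account can write to.
$LogFile  = 'C:\Scripts\Logs\lockout-alert.log'
$MailFrom = 'ourdomaincontroller1@ourdomain.com'
$MailTo   = 'ourITmailbox@ourdomain.com'
$SmtpHost = 'our-adconnect.ourdomain.local'

function Write-Log {
    param([string]$Message)
    $line = '{0} [{1}] {2}' -f (Get-Date -Format 's'), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogFile -Value $line
}

$SmtpClient  = $null
$MailMessage = $null
$ExitCode    = 0
try {
    New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
    # Record the account the task runs as; Security log access depends on it.
    Write-Log ('Start, running as ' + [Security.Principal.WindowsIdentity]::GetCurrent().Name)

    # -ErrorAction Stop turns "no matches" or access errors into catchable exceptions.
    $LockoutEvent = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1 -ErrorAction Stop
    Write-Log ('Read event index {0} generated {1}' -f $LockoutEvent.Index, $LockoutEvent.TimeGenerated)

    $Body = $LockoutEvent.Message + "`r`n`t" + $LockoutEvent.TimeGenerated
    $MailMessage = New-Object System.Net.Mail.MailMessage -ArgumentList $MailFrom, $MailTo, 'User Account locked out', $Body
    $MailMessage.IsBodyHtml = $false

    $SmtpClient = New-Object System.Net.Mail.SmtpClient -ArgumentList $SmtpHost
    Write-Log "Sending mail via $SmtpHost"
    $SmtpClient.Send($MailMessage)
    Write-Log 'Mail sent'
}
catch {
    # Log the exception type and message so event-log and SMTP failures can be told apart.
    Write-Log ('FAILED: {0}: {1}' -f $_.Exception.GetType().FullName, $_.Exception.Message)
    $ExitCode = 1
}
finally {
    if ($MailMessage) { $MailMessage.Dispose() }
    if ($SmtpClient)  { $SmtpClient.Dispose() }
    Write-Log "End, exit code $ExitCode"
}
# A non-zero exit code is recorded by Task Scheduler as the task's last run result.
exit $ExitCode
```

Comparing the log on both domain controllers after a lockout shows which step each scheduled run reached and under which account.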

1 Answer

0

Trying to set it up in WAC did not work. Exported a task from another server which I then imported on the core server using schtasks. That worked.

imaxt