AD Service Check to monitor status for user state

[gselvakumar]

Hi Team,

We want implement AD Service Check to monitor status(whether locked) for a particular users on a windows server. Domain level monitoring would what we needed. However, monitoring on the register level would be really awesome if we could, just would be very involved I guess since we would want to monitor other things.
I searched In the forum I got the two urls mentioned below. But I am not sure how to use it for a particular user. Please help me with this requirement.

1) https://exchange.nagios.org/directory/P ... ts/details
2)https://exchange.nagios.org/directory/P ... ck/details

[rkennedy]

The Exchange page provides quite a bit of information. An example on how to use it for you would be -

Code: Select all

.\lotp_check_ad_accounts.ps1 LockedOut "dc=mydomain,dc=com" subtree 5 10
CRITICAL: 216 LockedOut|216;5;10

It also mentions what needs to be done, for installing -

Code: Select all

-Add a new command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -n -c check_ad_account -a $ARG1$ "$ARG2$" $ARG3$ $ARG4$ $ARG5$ 

Code: Select all

-Add to nsclient.ini:
[/settings/external scripts/wrapped scripts]
check_ad_account=lotp_check_ad_accounts.ps1 $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ 

You might be able to specify the exact path for the users object, but otherwise I don't see a built in way to specify a certain user. They would need to be in a specific OU. Granted, you could always modify the Powershell script to your needs.

[gselvakumar]

how to use it for a particular user?

[gselvakumar]

Hi
I added below the script in Windows server in the folder C:Program Files\NSClient++\scripts
and added the below mentioned command to nsclient.ini

Code: Select all

[/settings/external scripts/wrapped scripts]
check_ad_account=lotp_check_ad_accounts.ps1 $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ 

After that I tried executing below mentioned command from my Nagios console.I am getting an error as mentioned in the attachment.

Code: Select all

./check_nrpe -H WUSRCDNAG00 -n -c check_ad_account -a AccountInactive "dc=pmside,dc=net" subtree 5 10

Please let me know is that anything that I missing?
Please help me with this.

[bwallace]

Regarding "CHECK_NRPE: Received 0 Bytes From Daemon. Check The Remote Server Logs For Error
Messages" -- See section V of this doc:
https://assets.nagios.com/downloads/nag ... utions.pdf

If NRPE is running on the client server then the likely problem is the check command does not align with what is specified in the script. Post both items here if the steps in the doc do not enable you to resolve, thanks.

[gselvakumar]

Is there any other scripts/ways to status for user state apart from one mentioned below
1) https://exchange.nagios.org/directory/P ... ts/details
2)https://exchange.nagios.org/directory/P ... ck/details

Is there any other method/script that we can use to monitor status for a particular user on a register level rather than on a domain level.

[rkennedy]

Is there any other scripts/ways to status for user state apart from one mentioned below
1) https://exchange.nagios.org/directory/P ... ts/details
2)https://exchange.nagios.org/directory/P ... ck/details

Is there any other method/script that we can use to monitor status for a particular user on a register level rather than on a domain level.

What do you mean by a 'register' level?

For other plugins, search through our Exchange @ https://exchange.nagios.org

[gselvakumar]

Register level means on local server machines.I need monitor on local windows server machines rather than on the domain controller.Is there any plugin that we can use.

[rkennedy]

I don't think so, since user information is generally stored at a domain level. What information are you looking to get exactly? If an account is locked out?