Hello, I am trying to find a way to monitor a specific Active Directory account to check if it is locked out.
I would like the status to be critical on locked out, and Normal on non locked out.
I have an Active Directory account that is used to run specific processes, so I need to know if it gets locked out.
I can't find any plugin to do that; the only thing I found is the plugin developed by "mathieu.chateau" --> "Check Active Directory Accounts".
https://exchange.nagios.org/directory/P ... ts/details
But this plugin checks the amount of accounts locked out.
So I am trying to create a new one (I have zero experience doing that) based on Mathieu's plugin.
Mathieu's plugin uses PowerShell through NRPE / NSClient++ to execute the "Search-ADAccount" PowerShell script.
I would like to change the Search-ADAccount command for Get-ADUser.
So, my script is this:
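*****************
# Account to check, passed as the first argument
param
(
    [string]$user = ""
)
#$command="Get-ADUser "+$user+" -Properties * | select-object LockedOut | findstr True"
# Query only the LockedOut property of the account
$result = (Get-ADUser $user -Properties LockedOut).LockedOut
#$result=invoke-expression $command
# Print the raw True/False value
echo $result
# Map the lockout state to a Nagios status and exit code
if ($result -eq $True) {
    $state="CRITICAL"
    $exitcode=2
} else {
    $state="OK"
    $exitcode=0
}
Write-Host $state
exit $exitcode
*****************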
If I execute it from PowerShell locally on a domain controller, I get this reply:
PS C:\Program Files\NSClient++> .\Check_AD_User_Account.ps1 [UserName]
False
OK
And if the user gets locked out, this is the command output:
PS C:\Program Files\NSClient++> .\Check_AD_User_Account.ps1 [UserName]
True
CRITICAL
So far, so good.
Next, the script is saved under C:\Program Files\NSClient++
and I have edited the NSClient options file NSC.INI as follows:
under the [Script Wrappings] tag I added this line:
Check_AD_User_Account=Check_AD_User_Account.ps1 $ARG1$
Next, in Nagios Core Config - Commands, I created a command definition:
Command Name - check_nrpe_Locked_User
Command Line - $USER1$/check_nrpe -H $HOSTADDRESS$ -n -c Check_AD_User_Account -a $ARG1$
Command Type - Check_Command
Active - yes
And finally I defined a new service to check on the Domain Controller using my command "check_nrpe_Locked_User" and [UserName] as $ARG1$,
but it is not working.
The result gathered by Nagios is:
"CHECK_NRPE: Error receiving data from daemon."
I really appreciate your help on this, thanks in advance.
Check Active Directory User Account if it is locked out
soporteBHUY
- Posts: 4
- Joined: Tue Aug 30, 2016 1:07 pm
dwhitfield
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
Re: Check Active Directory User Account if it is locked out
We aren't really able to help too much with custom plugin development. That said, you are getting an NRPE error, which we should be able to help with.
Please check out section VII of https://assets.nagios.com/downloads/nag ... utions.pdf
That section will refer to other sections, so please run through those as well. If you don't understand anything in the document, please let us know and we will help explain.