Page 1 of 1
AD Service Check to monitor status for user state
Posted: Thu Aug 18, 2016 4:02 am
by gselvakumar
Hi Team,
We want implement AD Service Check to monitor status(whether locked) for a particular users on a windows server. Domain level monitoring would what we needed. However, monitoring on the register level would be really awesome if we could, just would be very involved I guess since we would want to monitor other things.
I searched In the forum I got the two urls mentioned below. But I am not sure how to use it for a particular user. Please help me with this requirement.
1)
https://exchange.nagios.org/directory/P ... ts/details
2)
https://exchange.nagios.org/directory/P ... ck/details
Re: AD Service Check to monitor status for user state
Posted: Thu Aug 18, 2016 10:08 am
by rkennedy
The Exchange page provides quite a bit of information. An example on how to use it for you would be -
Code: Select all
.\lotp_check_ad_accounts.ps1 LockedOut "dc=mydomain,dc=com" subtree 5 10
CRITICAL: 216 LockedOut|216;5;10
It also mentions what needs to be done, for installing -
Code: Select all
-Add a new command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -n -c check_ad_account -a $ARG1$ "$ARG2$" $ARG3$ $ARG4$ $ARG5$
Code: Select all
-Add to nsclient.ini:
[/settings/external scripts/wrapped scripts]
check_ad_account=lotp_check_ad_accounts.ps1 $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
You might be able to specify the exact path for the users object, but otherwise I don't see a built in way to specify a certain user. They would need to be in a specific OU. Granted, you could always modify the Powershell script to your needs.
Re: AD Service Check to monitor status for user state
Posted: Fri Aug 19, 2016 1:24 am
by gselvakumar
how to use it for a particular user?
Re: AD Service Check to monitor status for user state
Posted: Fri Aug 19, 2016 5:31 am
by gselvakumar
Hi
I added below the script in Windows server in the folder C:Program Files\NSClient++\scripts
and added the below mentioned command to nsclient.ini
Code: Select all
[/settings/external scripts/wrapped scripts]
check_ad_account=lotp_check_ad_accounts.ps1 $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
After that I tried executing below mentioned command from my Nagios console.I am getting an error as mentioned in the attachment.
Code: Select all
./check_nrpe -H WUSRCDNAG00 -n -c check_ad_account -a AccountInactive "dc=pmside,dc=net" subtree 5 10
Please let me know is that anything that I missing?
Please help me with this.
Re: AD Service Check to monitor status for user state
Posted: Fri Aug 19, 2016 2:00 pm
by bwallace
Regarding "
CHECK_NRPE: Received 0 Bytes From Daemon. Check The Remote Server Logs For Error
Messages" -- See section V of this doc:
https://assets.nagios.com/downloads/nag ... utions.pdf
If NRPE is running on the client server then the likely problem is the check command does not align with what is specified in the script. Post both items here if the steps in the doc do not enable you to resolve, thanks.
Re: AD Service Check to monitor status for user state
Posted: Tue Aug 30, 2016 7:30 am
by gselvakumar
Is there any other scripts/ways to status for user state apart from one mentioned below
1)
https://exchange.nagios.org/directory/P ... ts/details
2)
https://exchange.nagios.org/directory/P ... ck/details
Is there any other method/script that we can use to monitor status for a particular user on a register level rather than on a domain level.
Re: AD Service Check to monitor status for user state
Posted: Tue Aug 30, 2016 2:19 pm
by rkennedy
What do you mean by a 'register' level?
For other plugins, search through our Exchange @
https://exchange.nagios.org
Re: AD Service Check to monitor status for user state
Posted: Wed Aug 31, 2016 5:43 am
by gselvakumar
Register level means on local server machines.I need monitor on local windows server machines rather than on the domain controller.Is there any plugin that we can use.
Re: AD Service Check to monitor status for user state
Posted: Wed Aug 31, 2016 9:10 am
by rkennedy
I don't think so, since user information is generally stored at a domain level. What information are you looking to get exactly? If an account is locked out?