Page 1 of 2
Nagios XI - Run Script as AD User
Posted: Fri Jun 11, 2021 8:22 am
by veeravamsi
HI Team,
We are trying to monitor AD Group Changes , and we got the Powershell Script to capture changes as i didnt find any nagios plugins. However looks like we need to run this as AD User . Any settings or cli options to run the custom scripts/plugins as AD User on target servers ( we are using NCPA ).
Thank you !
--Vamsi
Re: Nagios XI - Run Script as AD User
Posted: Fri Jun 11, 2021 1:34 pm
by ssax
While pretty insecure (use at your own risk) because the password is stored in cleartext on the system (and will need to be modified if you change that user's password), I was able to create a wrapper powershell script that does it like this:
C:\Program Files (x86)\Nagios\NCPA\plugins\runas.ps1
- Change
[email protected], yourPassw0rd, and yourpowershellscript.ps1
Code: Select all
$username = '[email protected]'
$password = 'yourPassw0rd'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Invoke-Command "C:\Program Files (x86)\Nagios\NCPA\plugins\yourpowershellscript.ps1" -Credential $credential -Computer localhost
Another alternative you can try would be if you edited the ncpa services in services.msc, click the Log On tab, and set the domain account credentials in there. Then restart the services and try it again.
Re: Nagios XI - Run Script as AD User
Posted: Fri Jun 11, 2021 3:35 pm
by ssax
A more secure method (see previous reply):
Run this command in a powershell prompt:
Type in the credentials of the domain user (
[email protected] and their password in the box that pops up).
Then run this command:
Code: Select all
$credential.Password | ConvertFrom-SecureString -Key (1..16) | Set-Content "C:\Program Files (x86)\Nagios\NCPA\plugins\encrypted.pass"
Which stores the encrypted password in "C:\Program Files (x86)\Nagios\NCPA\plugins\encrypted.pass".
Which can then be used like this:
Code: Select all
$username = '[email protected]'
$secureString = Get-Content -Path "C:\Program Files (x86)\Nagios\NCPA\plugins\encrypted.pass" | ConvertTo-SecureString -Key (1..16)
$credential = New-Object System.Management.Automation.PsCredential($username, $secureString)
Invoke-Command "C:\Program Files (x86)\Nagios\NCPA\plugins\yourpowershellscript.ps1" -Credential $credential -Computer localhost
Re: Nagios XI - Run Script as AD User
Posted: Mon Jun 14, 2021 1:27 am
by veeravamsi
Perfect. Thank you !!
Im able to run this script locally ( on target server ) and see expected WARNING/CRITICAL response . However when i run this from nagios CLI/UI i dont see right response ? Am i missing something ?
Re: Nagios XI - Run Script as AD User
Posted: Mon Jun 14, 2021 5:27 pm
by ssax
What is the response from XI showing exactly?
Re: Nagios XI - Run Script as AD User
Posted: Wed Jun 16, 2021 2:04 am
by veeravamsi
Default response as script completed . I have made it to break the scripts purposely to return WARNING which is not captured by nagios.
Re: Nagios XI - Run Script as AD User
Posted: Wed Jun 16, 2021 10:45 am
by ssax
Please attach the powershell plugin that you're running so I can lab it up completely.
Re: Nagios XI - Run Script as AD User
Posted: Thu Jun 17, 2021 9:36 am
by veeravamsi
while i verify with my Team about whether i can share our script here. Wondering if there is any Powershell script to capture the AD group membership changes ? Or any other nagios solutions to handle AD Group Changes
Re: Nagios XI - Run Script as AD User
Posted: Fri Jun 18, 2021 10:56 am
by ssax
I think you'd likely need to use event log monitoring and make sure that auditing is enabled in AD settings and then they would be in the security event log.
I found this:
https://exchange.nagios.org/directory/P ... up/details
And this:
https://support.nagios.com/forum/viewto ... 16&t=41862
Re: Nagios XI - Run Script as AD User
Posted: Tue Jun 22, 2021 12:51 pm
by veeravamsi
Thank you .. i will explore these options
. May can go ahead and close this thread.