Tag Archives: Powershell

“Poor man” monitoring of creation/enablement and addition and removal to/from security group of an account in Active Directory (part 2)

Next step is to monitor addition and/or removal of user to/from security group – in this example I will show that alert is triggered when user is added to domain admins security group.
The script is a bit modified so it covers the user that added another user to a security group, a user that was added to a security group and which group user was added to.

$EventMessage = get-winevent -FilterHashtable @{Logname=’Security’;ID=4728} -MaxEvents 1 | fl TimeCreated, Message
$eventmessagetstring = $EventMessage | Out-String
$EventMessageAccountNameTextAdmin = $EventMessagetstring | Select-String -Pattern “Subject:\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameTextUser = $EventMessagetstring | Select-String -Pattern “Member:\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameTextGroup = $EventMessagetstring | Select-String -Pattern “Group:\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EmailTo = “me@domain.com”
$EmailFrom = “alert@domain.com”
$Subject = “New user in Active Directory!”
$Body = “User was added to group by: `n $EventMessageAccountNameTextAdmin `n `n `n User that was added to securty group: `n $EventMessageAccountNameTextUser `n `n `n Security group user was added to: `n $EventMessageAccountNameTextGroup”
$SMTPServer = “YourSMTPServer”
$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body)
$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 25)

I have created new Task Scheduler task in which now I am calling new script that I have named SecurityGroup.ps1

All the other stuff is configured in the same way as written in my previous post.

security group

New certificate in Exchange 2007 step-by-step

1. step
New-ExchangeCertificate -generaterequest:1 -domainname domain.com,mail.domain.com,smtp.domain.com,pop3.domain.com -privatekeyexportable:1 -path c:cert.txt -force:1

2. step
Import certificate request using web access to your Certification authority – logon as administrator! (WEB SERVER!!!)

3. step
Export certificate to a location on the disk… c:certnew.crt

4. step
Import-ExchangeCertificate -path c:certnew.cer

5. step
Enable-ExchangeCertificate -thumbprint 5ACC9A5D90E2CFDBAD6E25CD02362B8954506810 -Services “IIS,POP,SMTP,IMAP”

To remove old certificates:
Remove-ExchangeCertificate -Thumbprint …………

Add IP Blocklist provider using Powershell in Exchange 2007

Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $True -Enabled $True -RejectionResponse “Your IP is blacklisted! http://www.spamhaus.org

This script adds new provider called zen.spamhaus.org, makes lookups to zen.spamhaus.org and it works on any reply (,2 …), it does enable this provider and it sets response that is sent to sender.