One of our previous admins created a pair of Application Monitors to check the lockout status and the time between password changes for a few of our service\development accounts. One of the application monitors uses a PowerShell script to query Active Directory for both the date and number of days until the password needs to be changed, while the other application monitor uses a similar PowerShell script to check whether or not the account is locked out, and generates a 0/1 statistic for threshold purposes. They generate the desired values, but I was hoping to make things more efficient. First, I'd like to have one application monitor instead of two, and secondly, I'd like to make how the data is stored more efficient.
As they currently function, each application monitor creates two separate lines on the "APM_DynamicEvidenceCurrent" table; each line has a value for either the 'NumericData' or the 'StringData' column, and places a NULL value in the other column. My desired goal would be to reduce this so that I have one application monitor, running one PowerShell script, and have it create fewer lines in the table, one line for the password expiration check and one line for the lockout status, populating both the 'NumericData' and 'StringData' columns of each. So far, I have the following PowerShell script, which does produce all four desired values in a single script; however, it is still creating four separate lines instead of the desired two.
NOTE: "testanddevops" is not the real account name, it's used here for posting purposes.
```powershell
# Get-ADUser comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

$AccountName = "testanddevops"
$account = Get-ADUser -Identity $AccountName -Properties *

# Password expiration date: pwdLastSet (a FILETIME value) plus 60 days
$expires = Get-ADUser -Identity $AccountName -Properties pwdLastSet |
    Select-Object @{Name = "pwdExpires"; Expression = { [datetime]::FromFileTime($_.pwdLastSet).AddDays(60) }}
$ExpirationDate = ($expires.pwdExpires).ToLongDateString()
$TodaysDate = Get-Date
$TimeSpanRaw = New-TimeSpan -Start $TodaysDate -End $ExpirationDate
$ExpirationLeadTime = $TimeSpanRaw.Days

Write-Host $AccountName
Write-Host "Message.DaysUntilPasswordExpiration : $ExpirationDate"
Write-Host "Statistic.DaysUntilPasswordExpiration : $ExpirationLeadTime"

# Lockout status as a 0/1 statistic for thresholds
if ($account.LockedOut -eq $false) {
    Write-Host "Message.LockoutStatus:False"
    Write-Host "Statistic.LockoutStatus:0"
} else {
    Write-Host "Message.LockoutStatus:True"
    Write-Host "Statistic.LockoutStatus:1"
}
```