Monitoring with PowerShell: WAN IP changes and Active Directory ages

I’ve been super swamped the last couple of days, as we’re working on our ISO27001 audit in our office. This means most of my time is just being swallowed by auditors. I’ve decided to not break my streak in releasing my blogs on time so this time we’re covering some requests from our readers!

Monitoring WAN IP changes

This was requested by the Reddit user “EqualWorking1”. He wanted the ability to see when a WAN IP changes for one of his servers, as he suspected an ISP kept dropping the link every few minutes. The script needs to run once to create a baseline IP file; subsequent runs compare against that file.

# Read the IP recorded by the previous run (empty on the first run)
$previousIP = Get-Content "$($env:ProgramData)/LastIP.txt" -ErrorAction SilentlyContinue | Select-Object -First 1
if (!$previousIP) { Write-Host "No previous IP found. Compare will fail." }
# Look up the current WAN IP and store it as the baseline for the next run
$Currentip = (Invoke-RestMethod -Uri "https://ipinfo.io/ip") -replace "`n", ""
$Currentip | Out-File "$($env:ProgramData)/LastIP.txt" -Force

if ($Currentip -eq $previousIP) {
    Write-Host "Healthy"
}
else {
    Write-Host "External WAN address is incorrect. Expected $previousIP but received $Currentip"
    # Out-String renders the key/value pairs; Write-Host on a bare hashtable prints only type names
    Write-Host (@{
        CurrentIP  = $Currentip
        previousIP = $previousIP
    } | Out-String)
    exit 1
}

Monitoring old computer accounts on Active Directory

This one was requested by Johan, on the N-Central Slack channel. He wants to have the ability to alert when computers get older than a specific age. In his case, 90 days.

# Threshold in days; anything that last logged on before $age is reported
$ENV:ComputerAge = 90
$age = (Get-Date).AddDays(-$ENV:ComputerAge)
# ProductType 2 means domain controller; exit quietly on any other machine
$DomainCheck = Get-CimInstance -ClassName Win32_OperatingSystem
if ($DomainCheck.ProductType -ne "2") { Write-Host "Not a domain controller. Soft exiting." ; exit 0 }
$OldComputers = Get-ADComputer -Filter * -Properties DNSHostName, Enabled, WhenCreated, LastLogonDate | Select-Object DNSHostName, Enabled, WhenCreated, LastLogonDate | Where-Object { $_.LastLogonDate -lt $age }


if (!$OldComputers) {
    Write-Host "Healthy - No computers older than $ENV:ComputerAge found."
}
else {
    Write-Host "Not Healthy - Computer accounts found older than $ENV:ComputerAge days"
    Write-Host @($OldComputers)
}

Monitoring old user accounts on Active Directory

And this one was just added for myself. I like knowing if accounts haven’t been logged onto in some time 🙂

# Threshold in days; users whose last logon is before $age are reported
$ENV:UserAge = 30
$age = (Get-Date).AddDays(-$ENV:UserAge)
# ProductType 2 means domain controller; exit quietly on any other machine
$DomainCheck = Get-CimInstance -ClassName Win32_OperatingSystem
if ($DomainCheck.ProductType -ne "2") { Write-Host "Not a domain controller. Soft exiting." ; exit 0 }
$OldUsers = Get-ADUser -Filter * -Properties UserPrincipalName, Enabled, WhenCreated, LastLogonDate | Select-Object UserPrincipalName, Enabled, WhenCreated, LastLogonDate | Where-Object { $_.LastLogonDate -lt $age }


if (!$OldUsers) {
    write-host "Healthy"
}
else {
    Write-Host "Not Healthy - Users found that haven't logged in for $ENV:UserAge days"
    write-host @($OldUsers)
} 
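
The two Active Directory checks above (computers and users) share the same age logic, so one added example covers both. It is not the original author's script: `Get-StaleAccount` and the sample objects are hypothetical and constructed for illustration. It skips disabled accounts and does not flag accounts that have never logged on but are newer than the threshold.

```powershell
# Added example (not the original author's code). Get-StaleAccount is a hypothetical helper.
function Get-StaleAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $Account,
        [int] $MaxAgeDays = 90,
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$MaxAgeDays) }
    process {
        # Disabled accounts cannot log on, so they should not raise an alert.
        if (-not $Account.Enabled) { return }
        if ($null -eq $Account.LastLogonDate) {
            # Never logged on: report only once the account itself is past the
            # threshold, so a machine joined yesterday is not flagged.
            if ($Account.WhenCreated -ge $cutoff) { return }
            $reason = 'NeverLoggedOn'
        }
        elseif ($Account.LastLogonDate -lt $cutoff) { $reason = 'Inactive' }
        else { return }
        [pscustomobject]@{
            Name          = $Account.Name
            Reason        = $reason
            LastLogonDate = $Account.LastLogonDate
            WhenCreated   = $Account.WhenCreated
        }
    }
}

# Constructed sample data standing in for Get-ADComputer / Get-ADUser output.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Name = 'PC-ACTIVE';   Enabled = $true;  WhenCreated = $now.AddDays(-400); LastLogonDate = $now.AddDays(-3) }
    [pscustomobject]@{ Name = 'PC-DORMANT';  Enabled = $true;  WhenCreated = $now.AddDays(-400); LastLogonDate = $now.AddDays(-200) }
    [pscustomobject]@{ Name = 'PC-DISABLED'; Enabled = $false; WhenCreated = $now.AddDays(-400); LastLogonDate = $now.AddDays(-200) }
    [pscustomobject]@{ Name = 'PC-NEW';      Enabled = $true;  WhenCreated = $now.AddDays(-2);   LastLogonDate = $null }
    [pscustomobject]@{ Name = 'PC-UNUSED';   Enabled = $true;  WhenCreated = $now.AddDays(-300); LastLogonDate = $null }
)
$stale = @($sample | Get-StaleAccount -MaxAgeDays 90 -Now $now)

if ($stale.Count -eq 0) {
    Write-Host "Healthy - no enabled accounts inactive for 90 days."
}
else {
    Write-Host "Not Healthy - $($stale.Count) stale account(s) found"
    Write-Host ($stale | Format-Table -AutoSize | Out-String)
}
# On a domain controller, replace $sample with live data, e.g.:
#   Get-ADUser -Filter 'Enabled -eq $true' -Properties WhenCreated, LastLogonDate | Get-StaleAccount -MaxAgeDays 30
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which AD only refreshes when the stored value is roughly 9 to 14 days old by default, so thresholds shorter than that are unreliable.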

And that’s it this time! Short but sweet. I hope you enjoyed it, and if there are any more requests, let me know! 🙂 As always, Happy PowerShelling.

Kelvin Tegelaar

4 thoughts on “Monitoring with PowerShell: WAN IP changes and Active Directory ages”

  1. Riley

    Monitoring old user accounts on Active Directory

    Get-ADuser-Filter should be Get-ADuser -Filter (space before -Filter)

  2. Matthias

    If I’m reading this correctly you are not excluding disabled accounts for both the AD scripts, just listing the enabled status.
    This is problematic in Datto RMM since that means if there is any output it always triggers an alert state.
    Something like this would exclude?
    Where-Object { $_.Enabled -eq $true }

    1. Kelvin Tegelaar Post author

      Correct! You can exclude disabled accounts using your method, or changing the filter to ‘Enabled eq true’. The Where-object option is much faster though.
