How to send an email notification for account lockout?
Written by Mahidhar Adarsh, IT security team, ManageEngine. Updated on June 2025
This script shows how to automatically send an email notification to the administrator whenever a user account is locked out.
```powershell
Import-Module ActiveDirectory

# Most recent account lockout event (ID 4740) from the Security log
$Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 1

# Split the event message into lines
$Usr = $Event.Message -split [char]13
# [#] is the line number in the output
$Usr = $Usr[10]
# (#) is the substring of that line
$Usr = $Usr.Substring(17)

# Look up the locked-out user's name, OU, mail address and phone number
$Usr2 = Get-ADUser $Usr | Select-Object -ExpandProperty name
$OU = Get-ADUser $Usr -Properties distinguishedname,cn |
    select @{n='AD OU: ';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}}
$Email = Get-ADUser $Usr -Properties mail
$TelephoneNumber = Get-ADUser $Usr -Properties telephoneNumber |
    Select-Object -ExpandProperty telephoneNumber

#send lockout notification to helpdesk ticketing system.
$MailBody = $Event.Message + "`r`n`t" +
    $Event.TimeGenerated + "`r`n`t" + $OU + "`r`n`t" +
    $Email.mail + "`r`n`t" + "Direct: $TelephoneNumber" +
    "`r`n`t" + "`r`n`t" + "
*ATTENTION* Do not automatically unlock the user's account,
please follow up with them first"
$MailSubject = "User Account Locked Out: " + $Usr2
$SmtpClient = New-Object System.Net.Mail.SmtpClient
$SmtpClient.Host = "newport.abc.int"
$MailMessage = New-Object System.Net.Mail.MailMessage
$MailMessage.From = "AcctLockNotify@abc.edu"
$MailMessage.To.Add("helpdesk@abc.edu")
$MailMessage.IsBodyHtml = 0
$MailMessage.Subject = $MailSubject
$MailMessage.Body = $MailBody
$SmtpClient.Send($MailMessage)

#send message to the locked out users
# Skip this step when the account has no mail attribute
if ($Email.mail) {
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $SmtpClient.Host = "newport.abc.int"
    # Use a new message object so the helpdesk recipient is not carried over
    $MailMessage = New-Object System.Net.Mail.MailMessage
    $MailMessage.From = "AcctLockNotify@abc.edu"
    # $Email.mail must not be quoted: "$email.mail" expands $email and appends ".mail"
    $MailMessage.To.Add($Email.mail)
    $MailMessage.Subject = $MailSubject
    $MailMessage.Body = "$Usr2 Your abc logon has been locked out.
Please contact the IT Dept. (302)736-4199, or come to the IT Dept. office to have your abc Account unlocked."
    $SmtpClient.Send($MailMessage)
}
```
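The script finds the account name by line number and character offset in the rendered event message, which breaks if the message layout differs. The following added example (not part of the original script) reads the same value, plus the caller computer, from the named fields of event 4740; the XML sample is constructed and the function name `ConvertFrom-LockoutEventXml` is hypothetical.

```powershell
# Constructed sample of a 4740 event in the form returned by (Get-WinEvent ...).ToXml().
# Account, computer and SID values are made up for this example.
$SampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2025-06-02T08:15:30.000000000Z" />
    <Computer>DC01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKSTN-042</Data>
    <Data Name="TargetSid">S-1-5-21-1111111111-2222222222-3333333333-1104</Data>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">DC01$</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
  </EventData>
</Event>
'@

# Hypothetical helper: turn the XML of one 4740 event into an object with named fields.
function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = [xml]$Xml
    $id = $doc.Event.System.EventID
    # EventID comes back as an element instead of a string when it carries attributes
    if ($id -is [System.Xml.XmlElement]) { $id = $id.InnerText }
    if ($id -ne '4740') { throw "Expected event ID 4740, got '$id'" }

    # Index every <Data Name="..."> element by its Name attribute
    $fields = @{}
    foreach ($d in $doc.Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }

    [pscustomobject]@{
        User           = $fields['TargetUserName']      # locked-out account
        CallerComputer = $fields['TargetDomainName']    # in 4740 this field holds the caller computer name
        TimeCreatedUtc = $doc.Event.System.TimeCreated.SystemTime
    }
}

# Live use on a domain controller (reads the same event as the script above):
#   $e = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -MaxEvents 1
#   ConvertFrom-LockoutEventXml -Xml $e.ToXml()
$Lockout = ConvertFrom-LockoutEventXml -Xml $SampleXml
"{0} locked out at {1}, caller computer {2}" -f $Lockout.User, $Lockout.TimeCreatedUtc, $Lockout.CallerComputer
```

The `User` value can be passed to `Get-ADUser` in place of `$Usr`, and `CallerComputer` gives the helpdesk the machine to check before unlocking the account.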
1. Create a scheduled task to run that PowerShell script. Edit the trigger as follows:

2. In the Action option, select "Start a program". The "-file" argument should be followed by the script path.

