Hello,
We need to create a script that alerts admins when an object appears in the LostAndFound container. Additionally, we'd like to somehow evaluate the importance of the object and determine whether the site needs to be contacted about this orphan. What are some attributes we should be looking at to determine the importance? SAM account name and date created are the only ones I can think of. There isn't much discussion out there on the LostAndFound container and whether other companies ever monitor it like we intend to.
So far, the only real road path I've had is:
1.) Understand the purpose of the Lost and Found Container and how to better the process after an object is placed in there.
2.) Understand what our company deems important.
The problem is that I'm not given much help on number two from the higher-ups, so I've been scouring online and collaborating with teammates about what attributes are worth monitoring, and what objects in our environment specifically are important (to us as admins or to the local site).
Here is our script so far:
Import-Module ActiveDirectory

# Collect everything under LostAndFound (the search also returns the container itself)
$test = Get-ADObject -Filter 'name -like "*"' -SearchBase 'CN=lostandfound,DC=us,DC=xxx,DC=xxx,DC=com'
foreach ($entry in $test) {
    # Skip the container object; append each orphan's name and class to the results file
    if ($entry.Name -notlike "lostandfound") {
        $entry | Format-List -Property Name, ObjectClass | Out-File C:\Adscripts\LostAndFoundResults.txt -Append
    }
}

# Read the results back; a missing file (nothing found yet) is treated as empty
$checkfile = Get-Content C:\Adscripts\LostAndFoundResults.txt -ErrorAction SilentlyContinue
if ($checkfile -notlike $null) {
    $FromAddress = "xxxxxxx"
    $ToAddress = "xxxxx"
    $MessageSubject = "The following is listed in the Lost & Found OU **PLEASE DO NOT REPLY**"
    $MessageBody = [string]::Join([Environment]::NewLine, $checkfile)
    $SendingServer = "mailhost.xxxxx.com"
    $SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
    $SMTPClient = New-Object System.Net.Mail.SmtpClient $SendingServer
    $SMTPClient.Send($SMTPMessage)
    # Reset the results file so the next run starts clean
    $null | Out-File C:\Adscripts\LostAndFoundResults.txt
}
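One way to pull more triage attributes for each orphan, as an added example that is not part of the original post. The tier mapping, variable names and the `Get-LostAndFoundReport` function are assumptions for illustration; `lastKnownParent` is the AD attribute that holds the DN of the orphan's last known parent, which identifies the site or OU to contact.

```powershell
# Added example, not from the original post. Function name and tier values are hypothetical.
Import-Module ActiveDirectory

function Get-LostAndFoundReport {
    param(
        # Placeholder DN copied from the post; replace with your domain's container
        [string]$SearchBase = 'CN=lostandfound,DC=us,DC=xxx,DC=xxx,DC=com'
    )

    # Assumption: illustrative tiers per object class (1 = contact the site promptly).
    # Adjust to what your organisation deems important.
    $ClassTier = @{ user = 1; computer = 1; group = 1; organizationalUnit = 2; contact = 3 }

    # Attributes requested in addition to the defaults (Name, ObjectClass, DistinguishedName)
    $Props = 'sAMAccountName', 'whenCreated', 'whenChanged', 'lastKnownParent', 'description'

    Get-ADObject -Filter * -SearchBase $SearchBase -Properties $Props |
        Where-Object { $_.DistinguishedName -ne $SearchBase } |   # drop the container itself
        ForEach-Object {
            $tier = $ClassTier[$_.ObjectClass]
            if (-not $tier) { $tier = 9 }   # unknown class: leave for manual review
            [pscustomobject]@{
                Tier            = $tier
                Name            = $_.Name
                SamAccountName  = $_.sAMAccountName
                ObjectClass     = $_.ObjectClass
                WhenCreated     = $_.whenCreated
                WhenChanged     = $_.whenChanged
                LastKnownParent = $_.lastKnownParent
                Description     = $_.description
            }
        } |
        Sort-Object Tier, WhenChanged
}

$report = @(Get-LostAndFoundReport)
if ($report.Count -gt 0) {
    # One text block per orphan, ready to use as the alert's message body
    $MessageBody = $report | Format-List | Out-String
    $MessageBody
}
```

Because the report is built in memory on every run, no results file has to be appended to and cleared between runs.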