Mail Notification Script for Domain User Account Enabling or Disabling by Admin

Anonymous
2024-11-27T07:02:42+00:00

Hello

When an admin disables or enables a domain user account, a mail notification should be sent.
Below is the script I tried with the Event IDs:

```powershell
# Define SMTP and email parameters
$SMTPServer = "smtp.yourdomain.com"
$From = "******@yourdomain.com"
$To = "******@yourdomain.com"

# Get recent Security events for account enable/disable
$EventIDs = @(4722, 4725)
$Events = Get-WinEvent -FilterHashtable @{
    LogName = "Security"
    Id = $EventIDs
} -MaxEvents 5

foreach ($Event in $Events) {
    # Extract event details
    $EventID = $Event.Id
    $Action = if ($EventID -eq 4722) { "Enabled" } else { "Disabled" }
    $Time = $Event.TimeCreated
    $Details = $Event.Properties

    # Output event properties for inspection
    Write-Output $Details

    # Adjust indexes based on inspection
    $TargetAccount = $Details[5].Value    # Affected account (Check this index)
    $Initiator = $Details[1].Value        # Admin who initiated the action (Check this index)
    $TargetOU = $Details[6].Value         # Organizational Unit of the account (Check this index)

    # Email body (the here-string header @" must end the line, and "@ must start one)
    $Body = @"
AD Account Status Changed:
Action: $Action
Account: $TargetAccount
Changed By: $Initiator
Target OU: $TargetOU
Time: $Time
"@

    # Send email
    Send-MailMessage -SmtpServer $SMTPServer -From $From -To $To -Subject "AD Account Status Changed" -Body $Body
}
```

Result: I am getting the mail notification:

Action: Enabled
Account: TLS
Changed By:
Target OU:
Time: 11/27/2024 07:53:00

I am not getting the exact domain user for:

Account: TLS
Changed By:
Target OU:

What is missing?

Windows Server Remote and virtual desktops PowerShell

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


3 answers

  1. Anonymous
    2024-11-28T00:03:15+00:00

    Hi,

    Have you checked the properties of Event 4722 and 4725 messages? According to the help files below, the TargetUserName is $Details[0], the SubjectUserName is $Details[4] and the OU of the target account cannot be found in these events.

    4722(S) A user account was enabled. - Windows 10 | Microsoft Learn

    4725(S) A user account was disabled. - Windows 10 | Microsoft Learn

  2. Anonymous
    2024-11-28T06:27:24+00:00

    I am not getting your point. What changes should be applied in the script? Can you update my script, please, @lan-Xue?

  3. Anonymous
    2024-11-29T02:30:33+00:00

    I mean TargetUserName is the first field of the properties (which should be $Details[0] in your script) and SubjectUserName is the fifth field (which is $Details[4]).

    ```powershell
    $TargetAccount = $Details[0].Value   # Affected account: TargetUserName (Check this index)
    $Initiator = $Details[4].Value       # Admin who initiated the action: SubjectUserName (Check this index)
    ```

    And there is no Organizational Unit of the account in the events. You can get that from the DistinguishedName of the target AD account.

    ```powershell
    # Strip the leading CN=... RDN from the DN, leaving the OU/DC path
    $TargetOU = (Get-ADUser $TargetAccount).DistinguishedName -replace '^.*?,(?=[A-Z]{2}=)'
    ```
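The answers above pin the fields by position (Properties[0] for TargetUserName, Properties[4] for SubjectUserName). The added example below, which is not code from the original question or from any of the answers, takes the same 4722/4725 events but reads the fields by name from the event XML (`$Event.ToXml()`), so a wrong or shifted index cannot quietly return the subject's domain where the target account was expected, as happened in the question. It also looks the OU up by the TargetSid that the event already carries rather than by name, and filters on time so a rerun does not resend the same five events that `-MaxEvents 5` returns every time. The domain EXAMPLE, the host DC01, smtp.example.internal and the two mail addresses are hypothetical, the sample event is constructed rather than captured, and `Get-ADUser` needs the RSAT ActiveDirectory module.

```powershell
# Added example, not code from the original question or the answers above.
# Reads 4722/4725 by field name from the event XML instead of by Properties[]
# index, so a wrong or shifted index cannot silently hand back the wrong field.
# Hypothetical values: domain EXAMPLE, host DC01, smtp.example.internal and the
# two mail addresses below.

function ConvertFrom-AccountStatusEvent {
    param([Parameter(Mandatory)][string]$EventXml)   # pass $Event.ToXml()

    $xml  = [xml]$EventXml
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        # 4722/4725 carry seven named <Data Name="..."> elements
        if ($d -is [System.Xml.XmlElement] -and $d.HasAttribute('Name')) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
    }

    $eventId = $xml.Event.System.EventID
    if ($eventId -is [System.Xml.XmlElement]) { $eventId = $eventId.'#text' }  # element form when Qualifiers is set
    $eventId = [int]$eventId
    $action  = switch ($eventId) { 4722 { 'Enabled' } 4725 { 'Disabled' } default { "Unexpected ($eventId)" } }

    [pscustomobject]@{
        EventId          = $eventId
        Action           = $action
        TargetAccount    = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        TargetSid        = $data['TargetSid']
        Initiator        = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        InitiatorLogonId = $data['SubjectLogonId']   # correlate with 4624 to find the admin's session
        TimeUtc          = ([datetime]$xml.Event.System.TimeCreated.SystemTime).ToUniversalTime()
    }
}

function Get-AccountOu {
    param([Parameter(Mandatory)][string]$Sid)
    # The event already carries the target SID; Get-ADUser -Identity accepts it directly.
    $dn = (Get-ADUser -Identity $Sid).DistinguishedName
    # Strip the leading CN= RDN; (?:[^,\\]|\\.)* tolerates an escaped comma inside the CN.
    $dn -replace '^CN=(?:[^,\\]|\\.)*,', ''
}

function Send-AccountStatusMail {
    param(
        [Parameter(Mandatory)]$Parsed,
        [string]$SmtpServer = 'smtp.example.internal',
        [string]$From       = 'ad-alerts@example.internal',
        [string]$To         = 'secops@example.internal'
    )
    try   { $ou = Get-AccountOu -Sid $Parsed.TargetSid }
    catch { $ou = "(lookup failed: $($_.Exception.Message))" }
    $body = @"
AD Account Status Changed

Action:     $($Parsed.Action)
Account:    $($Parsed.TargetAccount)
SID:        $($Parsed.TargetSid)
Changed By: $($Parsed.Initiator) (logon id $($Parsed.InitiatorLogonId))
Target OU:  $ou
Time (UTC): $($Parsed.TimeUtc.ToString('u'))
"@
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "AD account $($Parsed.Action): $($Parsed.TargetAccount)" -Body $body
}

# Constructed sample 4722 event (not a real capture); field order follows the
# documented EventData layout, which is why Properties[0] is the target and [4] the subject.
$Sample4722 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4722</EventID>
    <TimeCreated SystemTime="2024-11-27T07:53:00.0000000Z" />
    <Channel>Security</Channel>
    <Computer>DC01.example.internal</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="TargetSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
    <Data Name="SubjectUserSid">S-1-5-21-1111111111-2222222222-3333333333-500</Data>
    <Data Name="SubjectUserName">Administrator</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="SubjectLogonId">0x3e7b2</Data>
  </EventData>
</Event>
'@

# Offline check: needs neither AD nor SMTP.
ConvertFrom-AccountStatusEvent -EventXml $Sample4722 | Format-List

# On a DC: mail only events newer than the last run, oldest first, so a rerun
# does not resend the same five events the way -MaxEvents 5 does.
# $since = (Get-Date).AddMinutes(-15)   # or persist the last RecordId between runs
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4722, 4725; StartTime = $since } |
#     Sort-Object RecordId |
#     ForEach-Object { Send-AccountStatusMail -Parsed (ConvertFrom-AccountStatusEvent $_.ToXml()) }
```

The offline call is enough to confirm the field mapping on a workstation before the script is put on a domain controller; the commented live loop is the form to wire to a scheduled task (or to an event-triggered task on IDs 4722 and 4725, which removes the polling window altogether). Keep the SubjectLogonId in the mail: it is the only field that ties the change to a specific admin logon session if the initiator account is shared or later disputed.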