# Script Name:  rdp-access-mail-notification.v3.ad.ps1
# Beschreibung: Schickt allen Mitgliedern einer GG eine Mail, wenn sich jemand per RDP auf einem System anmeldet
# Aufruf:       -
# Autor:        Patrick Asmus
# Web:          https://www.media-techport.de
# Git-Reposit.: https://git.media-techport.de/scriptos/private-script-collection.git
# Version:      3.1
# Datum:        22.10.2023
# Modifikation: Umzug ins neue Repo und damit verbundene Anpassungen
#####################################################

# Konfigurationsparameter
$SMTPServer = "smtp.media-techport.int"
$FromName = "Media-Techport.DE | Notification Service"
$FromEmail = "noreply@media-techport.de"
$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
$LogoURL = "https://assets.media-techport.de/logos/main/LogoSchwarz.png"

# Funktion zum Senden von E-Mails
function Send-Email {
    param(
        [string]$To,
        [string]$Subject,
        [string]$HTMLBody
    )

    $emailMessage = @"
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>
<body>
    $HTMLBody
</body>
</html>
"@

    Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $emailMessage -BodyAsHtml -Encoding "UTF8"
}

# Parameter aus dem Ereignisprotokoll auslesen
$eventID = 1149  # Event ID für RDP-Anmeldungen
$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"

$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1

if ($latestEvent) {
    $xml = [xml]$latestEvent.ToXml()

    if ($xml.Event.UserData) {
        $user = $xml.Event.UserData.EventXML.Param1
        $domain = $xml.Event.UserData.EventXML.Param2
        $clientIP = $xml.Event.UserData.EventXML.Param3

        $eventTime = $latestEvent.TimeCreated
        $computerName = $latestEvent.MachineName

        $userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
            $userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress
            $GivenName = $userDetails.GivenName
            $Surname = $userDetails.Surname
            $EmailAddress = $userDetails.EmailAddress
            [PSCustomObject]@{
                EmailAddress = $EmailAddress
                GivenName = $GivenName
                Surname = $Surname
            }
        }

        foreach ($userDetails in $userEmails) {
            $GivenName = $userDetails.GivenName
            $Surname = $userDetails.Surname
            $EmailAddress = $userDetails.EmailAddress

            $HTMLBody = @"
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<p><img src="$LogoURL" alt="" width="265" height="81" /></p>
<p><strong>Hallo $GivenName $Surname,</strong></p>
<p>Es wurde eine Anmeldung per RDP auf der Windows Maschine <strong>$computerName</strong> registriert.<br /><br /><strong>Datum:</strong> $($eventTime.ToString('dd.MM.yyyy'))<br /><strong>Uhrzeit:</strong> $($eventTime.ToString('HH:mm:ss'))<br /><strong>Dom&auml;ne:</strong> $domain<br /><strong>Benutzer:</strong> $user<br /><strong>IP-Adresse des Clients:</strong> $clientIP</p>
</body>
</html>
"@

            Send-Email -To $EmailAddress -Subject "RDP-Anmeldung auf $computerName registriert" -HTMLBody $HTMLBody
        }
    }
}