All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Active Directory

omprakash9998
Path Finder
‎03-19-2018 06:48 AM

Hi,

I am running splunk 6.6.3 . can anyone help me to Active Directory information into Splunk App for windows infrastructure. I have installed the Splunk AD addon and every sourcetype is eneabled on it. I am unable to get Groups, Group Plocy information, Organizational units information and Active Directory Health information.
All i am able to get is User Information. I am not able to generate default domain lookup tables.

Thanks in advance.

0 Karma
Reply

p_gurav
Champion
‎03-19-2018 11:46 PM

Can you try this command and check outcome:
https://docs.splunk.com/Documentation/SA-LdapSearch/2.1.6/User/Theldapsearchcommand

Also there is troubleshooting doc available:
https://docs.splunk.com/Documentation/SA-LdapSearch/2.1.6/User/UseSA-ldapsearchtotroubleshootproblem...

Also check _internal logs for any kind of error.

Reply

omprakash9998
Path Finder
‎03-20-2018 07:35 AM

the ldap search command is resturning all the user related information. I am also looking to get "eventtype=msad-dc-health" and "DomainList.csv" as there are lots of dependencies on these to populate all the dashboards.

_internal logs doesnot not show errors related to AD or Ldap. Mostly Perfmon Errors.

Thank you.

0 Karma
Reply

ajhstn
Explorer
‎11-06-2018 08:08 PM

Did you get anywhere with populating the msad-dc-health event type? I also cannot run some searches as "msad-dc-health" event type doesnt return anything.

0 Karma
Reply

omprakash9998
Path Finder
‎11-07-2018 06:14 AM

Yes. I have resolved the issue, I am able to collect all the logs from AD. I have followed the following posts and was able to resolve it.

https://www.splunk.com/blog/2012/10/21/splunk-app-for-active-directory-and-the-top-10-issues.html

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...