All Apps and Add-ons

How to add a custom attribute to the users lookup in MS Windows AD Objects?

lzaexpert
Explorer

Hi there!

I was wondering how to add a custom attribute to the users lookup creation and update processes. Lets say that I have a myCustomAttribute for Users Objects that I would like to have within the 'AD Users LDAP list.csv' file.
I spent some hours trying to reverse all the macros involved but in the end I prefer asking 😉

Many Thanks

jcooperFossil
Path Finder

Coming in years after this question was asked, because I've been trying to do the same and I finally figured it out today!

The TA is currently on version 4.1.1

To get additional fields to appear in AD_Obj_User you need to do the following:
Edit the macro `ms_obj_admon_base_out_user` and include the fields you want in the SPL for "fields" and "table"
Do the same for the macro `ms_obj_user_base_migrate` just in case.

The part I was missing for years up until now was you have to edit the KV Store to specify what fields are allowed to be stored.
Edit the Lookup (KV Store) AD_Obj_User (Collection name is AD_Obj_User_LDAP_list_kv) and add the desired fields.

Rebuild your lookup and you're good to go!

0 Karma

salbro
Path Finder

Looking to also do this. Did you ever get the custom attribute added?

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...