Is it possible or does it make sense to install the Splunk Support for Active Directory add-on on the domain controller with the universal forwarder?
The topology is as follows: Domain Controller with universal Forwarder ---> WAN -->> Heavy Forwarder DMZ ---> Indexer LAN.
The problem is there is no VPN form Indexer to the Domain Controller. I have to use the ssl/tls encryption, but I am not allowed to change any firewall settings. My Problem is how can sa-ldapserach authenticate to the DC?
Any Ideas? How could we design this?