Could anyone please help me find out the AD privileges required for the domain service account that Splunk uses to connect to and query the Active Directory database?
Hello @sivakumarm ,
On the Splunk side, for the Splunk Supporting Add-on for Active Directory you need the admin_all_objects capability to read storage passwords. The user has this capability by default. If you want to use the add-on with a non-admin user, then you must have this capability added to its profile.
On the Microsoft side you only need a domain user (enough to discover the Active Directory).
You can find all the information in the official documentation from Splunk for this add-on:
Configure the Splunk Supporting Add-on for Active Directory - Splunk Documentation
Regards
Den
Hi,
Any Domain User account is enough for this add-on. There is no privilege required.
If this reply helps you, an upvote is appreciated.
Hi @sivakumarm, I also need this information but I couldn't find anything in the documentation or online.
Have you fixed this problem? How?
Is a classic Domain User enough?
Thanks.