All Apps and Add-ons

Splunk Supporting Add-on for Active Directory: What privileges are required for the domain user who connects to the domain?

sivakumarm
New Member

Could anyone please help me to find out the AD privileges required for domain service account that splunk uses to connect and query active directory database.

0 Karma

DenM
Explorer

Hello @sivakumarm , 

In the Splunk side you need for the Splunk Supporting Add-on for Active Directory the admin_all_objects capability to read storage passwords. The user has this capability by default. If you want to use the add on with the non-admin user, then you must have this capability added to its profile.

in the Microsoft side you only need a domain user (enough to discover the Active Directory)

You can find all the informations in the official documentation from Splunk for this add-on:

Configure the Splunk Supporting Add-on for Active Directory - Splunk Documentation

Regards

Den

scelikok
SplunkTrust
SplunkTrust

Hi,

Any Domain User account is enough for this add-on. There is no privilege required.

 

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

ownion
Path Finder

Hi @sivakumarm, I also need this information but I couldn't find anything in the documentation or online.

Have you fixed this problem? How?

A classic Domain User is enough?

 

Thanks.

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...