Splunk Supporting Add-on for Active Directory: Wha...

sivakumarm · ‎03-02-2018

Could anyone please help me to find out the AD privileges required for domain service account that splunk uses to connect and query active directory database.

DenM · ‎01-04-2021

Hello @sivakumarm ,

In the Splunk side you need for the Splunk Supporting Add-on for Active Directory the admin_all_objects capability to read storage passwords. The user has this capability by default. If you want to use the add on with the non-admin user, then you must have this capability added to its profile.

in the Microsoft side you only need a domain user (enough to discover the Active Directory)

You can find all the informations in the official documentation from Splunk for this add-on:

Configure the Splunk Supporting Add-on for Active Directory - Splunk Documentation

Regards

Den

scelikok · ‎01-04-2021

Hi,

Any Domain User account is enough for this add-on. There is no privilege required.

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

ownion · ‎01-04-2021

Hi @sivakumarm, I also need this information but I couldn't find anything in the documentation or online.

Have you fixed this problem? How?

A classic Domain User is enough?

Thanks.

Splunk Supporting Add-on for Active Directory: What privileges are required for the domain user who connects to the domain?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life