All Apps and Add-ons

Splunk app for windows infrastructure no Active Directory/Group policy info

pmovrich
Explorer

I have some of the domain controller info being pulled into the app like whats listed under
Active directory > domains
Active Directory > domain controllers.

But i don't see any of the active directory user, groups, computers or group policy info.

I tried configuring the app through tools and settings option and that didn't help.

When i do a ldap search:

|ldapsearch domain=SPL search="(objectClass=user)"

I get zero results.

any help?

0 Karma

jbernt_splunk
Splunk Employee
Splunk Employee

Have you configured the SA-ldapsearch/local/ldap.conf yet and turned on Auditing?

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...