Hi,
Splunk Enterprise.
I am trying to get the list of all user accounts using below code, but the result showing only Splunk console users list instead of all Active Directory User Account List.
Code:
| rest splunk_server=local /servicesNS/-/-/authentication/users count=0 | table title email real name type
Output
Admin admin@xyz.com administrator splunk
babu babu@xyz.com babu LDAP
like this result is showing only 10 lines, all these are splunk console users. I dont know why all Active Directory User Accounts not showing.
Could anyone help me & guide me on this.
Thanks in advance.
To get a list of users or computers from your Active Directory you could use the Splunk Supporting Add-on for Active Directory. It allows you to use the ldapsearch command on your searches.
To get a simple list of your AD uses and output this list to a csv file you could use the search below:
| ldapsearch domain=YOUR_DOMAIN search="(&(objectClass=user)(!(objectClass=computer)))" attrs="sAMAccountName,displayName,mail"
| table sAMAccountName,displayName,mail
| outputlookup AD_Users.csv
Any luck ?