Solved: How to list user accounts with domain? - Page 3

brpsingara · ‎03-14-2019

Hi,

Splunk Enterprise.

I am trying to get the list of all user accounts using below code, but the result showing only Splunk console users list instead of all Active Directory User Account List.

Code:

| rest splunk_server=local /servicesNS/-/-/authentication/users count=0 | table title email real name type

Output

Admin admin@xyz.com administrator splunk
babu babu@xyz.com babu LDAP

like this result is showing only 10 lines, all these are splunk console users. I dont know why all Active Directory User Accounts not showing.

Could anyone help me & guide me on this.

Thanks in advance.

alonsocaio · ‎03-14-2019

To get a list of users or computers from your Active Directory you could use the Splunk Supporting Add-on for Active Directory. It allows you to use the ldapsearch command on your searches.

To get a simple list of your AD uses and output this list to a csv file you could use the search below:

| ldapsearch domain=YOUR_DOMAIN search="(&(objectClass=user)(!(objectClass=computer)))" attrs="sAMAccountName,displayName,mail"
| table sAMAccountName,displayName,mail
| outputlookup AD_Users.csv

View solution in original post

How to list user accounts with domain?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!