Hi @keldridg2 ,
I would recommend that you read some of the documentation on Splunk that explains exactly how to do this:
Monitoring Active Directory:
These documents will provide you with the information you need to monitor Active Directory.
You would put a Universal Forwarder on the Domain Controller and configure it to send the data you want (Event Logs, perfmon metrics) to your indexer(s). On windows, the Universal Forwarder installation process allows you to define those things.