I'd like to open my Splunk system up to all of our AD users rather than mapping particular groups as we've in the past. I've been trying to accomplish this by mapping the built in Domain Users group but I can't seem to get it to show up in the mapping screen. I do get the Domain Admins and Domain Guests which are in the same OU/Container just not Domain Users. Here is my current authentication.conf (some names changed to protect the innocent)
[authentication] authSettings = Active Directory authType = LDAP [roleMap_Active Directory] admin = Splunk Admins managers = Splunk Managers power = SysAdmins;Splunk Power Users user = SysAdmins;Splunk Power Users;Splunk Users [Active Directory] SSLEnabled = 0 anonymous_referrals = 0 bindDN = email@example.com bindDNpassword = $1$AoUBf6Io02h4 charset = utf8 groupBaseDN = OU=CustomGroupOU1,DC=our,DC=domain,DC=net;OU=Groups,OU=CustomGroupOU2,DC=our,DC=domain,DC=net;CN=Users,DC=our,DC=domain,DC=net groupBaseFilter = (|(cn=IT*)(cn=Splunk*)(cn=Domain*)) #groupMappingAttribute = dn groupMappingAttribute = distinguishedname groupMemberAttribute = member #groupNameAttribute = cn groupNameAttribute = name host = our.domain.net nestedGroups = 0 network_timeout = 29 port = 389 realNameAttribute = cn sizelimit = 100000 timelimit = 28 userBaseDN = OU=CustomUserOU,DC=our,DC=domain,DC=net;CN=Users,DC=our,DC=domain,DC=net userNameAttribute = samaccountname
I really don't have any AD management experience so I suspect I'm misunderstanding something here, any help would be greatly appreciated!
I know this is a post from 2013. But I thought that might help someone. I was doing a lab with MS AD myself. I noticed the very same behaviour for 'Domain Users' group.
The problem comes from the implementation of the Microsoft AD. Due to the fact that Domain Users is something called 'Primary Group'
The Domain Users group uses a "computed" mechanism based on the "primary group ID" of the user to determine membership and does not typically store members as multi-valued linked attributes. If the primary group of the user is changed, their membership in the Domain Users group is written to the linked attribute for the group and is no longer calculated. This was true for Windows 2000 and has not changed for Windows Server 2003.
Full discussion can be found here:
More info in detail can be read here: https://stackoverflow.com/questions/525021/domain-users-group-is-empty-when-i-use-directoryservices-...