Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

johannterc
New Member
‎02-28-2017 08:45 AM

Hello. Please see the screenshot on this post, its from the Splunk Universal Forwarder (UF) installer steps. Are we supposed to check the box for “Add user as local administrator” when installing a UF on a Domain Controller or leave it unchecked?

alt text

Preview file
80 KB
0 Karma
Reply

Baever
Engager
‎03-15-2023 04:23 AM

Thankyou @isoutamo the "Splunk Enterprise" => Splunk UF is precisely why it's confusing 🙂  

I'll go back and have another read through those docs.

0 Karma
Reply

adonio
Ultra Champion
‎02-28-2017 10:40 AM

Hi johannterc,
please refer to the docs here to decide on an the right windows user
http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
Hope it helps

0 Karma
Reply

johannterc
New Member
‎02-28-2017 10:45 AM

Hello Adonio. I already know what the windows user should be, I just am not sure if this user needs to actually be granted local admin rights on my Domain Controller (since I am installing UFs on my DCs).

0 Karma
Reply

adonio
Ultra Champion
‎02-28-2017 01:06 PM

please take a look here:
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
per doc, check the box in your screenshot
regards,

0 Karma
Reply

Baever
Engager
‎03-15-2023 03:54 AM

I'm still googling this question, as it's still not clear in the docs, but neither of these links work anymore!

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎03-15-2023 04:09 AM

Usually it works when you just replace versio number on url with word latest like https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ListOfSearchCommands

 

Here is some more docs for monitoring AD

 

Requirements

You must meet the following requirements to monitor an Active Directory schema:

You should read "Splunk Enterprise" => Splunk UF

It's not mater even 1st docs are for SplunkCloud as you are using separate UF for monitoring. If you want you can read the same manual for Enterprise just switching product to Enterprise.

r. Ismo

 

Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...