Reporting

How to create a report when an account is created in active directory?

ekoumbakemal
Observer

Hello,

I want to have a report when an account is created in active directory?
How I can process it?

Thanks.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @ekoumbakemal,
see my answer in https://answers.splunk.com/answers/776027/how-to-display-a-modification-on-the-active-direct-1.html

Anyway, you have to search in Splunk the EventCode=4720:

index=wineventlog EventCode=4720
| ...

but the problem is that usually you haven't these EventCodes because this audit isn't enabled by default in Domain Controllers, so you have to enable it following instructions in my answer.

Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Customer Experience | Splunk 2024: New Onboarding Resources

In 2023, we were routinely reminded that the digital world is ever-evolving and susceptible to new ...

Celebrate CX Day with Splunk: Take our interactive quiz, join our LinkedIn Live ...

Today and every day, Splunk celebrates the importance of customer experience throughout our product, ...

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...