How can I use and centrally manage native Active D...

daniel333 · ‎04-27-2016

All,

I want to create dedicated admin accounts for users so they are not running as admin, except when needed. However our Active Directory team will only issue 1 AD account per user. I thought then, perhaps I can use local/native accounts, but I am not certain how to centrally manage this? I would want the same account on all boxes, same password etc.

We do use puppet config management, but after playing with a test install of Splunk, I don't see the account in a flat file anywhere.

Can someone point me in the right direction on this?

joesrepsolc · ‎01-31-2019

Completely agree with the suggestion to create an AD Group for Splunk admins, and then map the "admin" role in Splunk to that group. When members get added/removed from that group, or de-activates, etc... changes are instantly reflected in Splunk.

redman1138 · ‎04-27-2016

/splunk/etc/passwd is the password file for all local accounts. You can always do the setup on one system and then push the file out to all systems. I do not not remember if it will require a restart or if a debug/refresh will solve it.

You can also create an AD group for admins and then map that group to the role.

How can I use and centrally manage native Active Directory user accounts to create dedicated admin accounts for Splunk?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms