Per a request from our security team, I moved Splunk to LDAP only and blasted the local admin account. But ES is going crazy about orphanded objects now. Any recommendation?
I was thinking I can get away with creating a service account and reassign the objects there. Will that be fine?