Splunk Search

How to use ldapsearch to pull the members from groups


I have list of the domains and groups, how to use ldapsearch to pull the sAMAccountName name and AccountIsDisabled associated with the groups? Thanks.

Tags (1)
0 Karma


This might need a little re-work to pipe in your list of groups, but something along these lines might get you going:

|ldapsearch domain=YourDomain search="(&(objectClass=user)(memberOf=CN=YourGroup,OU=YourOrgUnit,O=YourOrg))" | eval AccountIsDisabled=IF(userAccountControl=512,"True","False") | table sAMAccountName, AccountIsDisabled
0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...