Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

LDAP query for users

Rody333
New Member
‎12-04-2020 06:56 AM

Hello,

I want to search AD for all users in my organization. But as the list is huge, there is memory error occurring and I'm getting 0 results. Is there any way I can split my search. Below is the query I was trying.

| ldapsearch search="(&(objectclass=user)(CN=*))"
| table objectSid description sAMAccountName

What I want is like if there are 90000 users, I want to split my search for 1st 45000 users and last 45000 users.

Thanks in Advance

@woodcock 

Labels (1)
Labels
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...