Splunk Search

LDAP query for users

Rody333
New Member

Hello,

I want to search AD for all users in my organization. But as the list is huge, there is memory error occurring and I'm getting 0 results. Is there any way I can split my search. Below is the query I was trying.

| ldapsearch search="(&(objectclass=user)(CN=*))"
| table objectSid description sAMAccountName

What I want is like if there are 90000 users, I want to split my search for 1st 45000 users and last 45000 users.

Thanks in Advance

@woodcock 

Labels (1)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...