@geoppspl7 - Please make sure you understand the reasoning behind the policy before you attempt to circumvent it in this way. While it is technically feasible, there's a disconnect in the policy itself.
As you describe it, and assuming there is no reason to prevent your contractors from accessing splunk, when everyone else in the AD group can access it, then the AD group appears to be being used for some other access authority as well as splunk. (This is not best practices. Access should be segregated by usage, and access should always be granted granularly based on need and assigned organizational authority.)
If so, then that duplicate authority attached to a single AD group is the root of the issue you are running up against. Has your organization somehow opened splunk up to everybody in a particular domain, regardless of whether the employee has a business need?
If so, it seems you are trying to create a workaround for a security plug, when the plug itself is obscuring a larger security hole.
Investigate the underlying philosophy, and act accordingly (but politely). Nobody wants to be the next Equifax.
... View more