@Inthegetto Splunk Supporting Add-on for Active Directory includes the ldapsearch command. When properly configured for your AD domain(s), you can search for users in both groups with an appropriate LDAP filter:

| ldapsearch search="(&(objectCategory=person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=cn=GroupA,ou=Groups,DC=example,DC=com)(memberOf:1.2.840.113556.1.4.1941:=cn=GroupB,ou=Groups,DC=example,DC=com))"

Running as a scheduled search, you can trigger an alert when the result count is greater than 0.
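Added example, not part of the original post: a Python helper that builds the same filter for any number of groups and escapes the RFC 4515 special characters in each group DN, so a group name containing parentheses or an asterisk cannot change the filter's structure. The function names and the "Ops (EU)" DN are assumptions constructed for illustration; the output is only the LDAP filter, to be placed in the search= argument shown above.

```python
# Added example: build the "member of every listed group" LDAP filter.
# 1.2.840.113556.1.4.1941 is the matching-rule OID used in the post
# (LDAP_MATCHING_RULE_IN_CHAIN: also matches nested group membership).
IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one assertion value so it is treated as data, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def all_groups_filter(group_dns):
    """Return a filter matching person objects that belong to ALL given groups."""
    dns = [dn.strip() for dn in group_dns]
    if not dns or any(not dn for dn in dns):
        raise ValueError("at least one non-empty group DN is required")
    dns = list(dict.fromkeys(dns))  # drop exact duplicates, keep order
    clauses = "".join(
        "(memberOf:{}:={})".format(IN_CHAIN, escape_filter_value(dn)) for dn in dns
    )
    return "(&(objectCategory=person)(sAMAccountName=*){})".format(clauses)


if __name__ == "__main__":
    # The two groups from the post, then a constructed DN with special characters.
    print(all_groups_filter([
        "cn=GroupA,ou=Groups,DC=example,DC=com",
        "cn=GroupB,ou=Groups,DC=example,DC=com",
    ]))
    print(all_groups_filter(["cn=Ops (EU),ou=Groups,DC=example,DC=com"]))
```
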