I'm currently picking up IIS logs that have connecting usernames listed as "domain\username" . I'd like to resolve these to the Active Directory names ex: Firstname Lastname
Is this possible? If so, how would I go about doing it?
One way might be to have a periodic dump of Active directory users into a lookup file using the SA for LDAP. The dump would include all relevant information like the domain, username, and first & last names for the users. You could then use a lookup to resolve the field in the logs to what's in AD.
Make sense? Can go into more detail if needed.