All Apps and Add-ons

Splunk Supporting Add-on for Active Directory: What privileges are required for the domain user who connects to the domain?

sivakumarm
New Member

Could anyone please help me to find out the AD privileges required for domain service account that splunk uses to connect and query active directory database.

0 Karma

DenM
Explorer

Hello @sivakumarm , 

In the Splunk side you need for the Splunk Supporting Add-on for Active Directory the admin_all_objects capability to read storage passwords. The user has this capability by default. If you want to use the add on with the non-admin user, then you must have this capability added to its profile.

in the Microsoft side you only need a domain user (enough to discover the Active Directory)

You can find all the informations in the official documentation from Splunk for this add-on:

Configure the Splunk Supporting Add-on for Active Directory - Splunk Documentation

Regards

Den

scelikok
SplunkTrust
SplunkTrust

Hi,

Any Domain User account is enough for this add-on. There is no privilege required.

 

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote is appreciated.

ownion
Path Finder

Hi @sivakumarm, I also need this information but I couldn't find anything in the documentation or online.

Have you fixed this problem? How?

A classic Domain User is enough?

 

Thanks.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...