All Apps and Add-ons

Splunk Supporting Add-on for Active Directory: What privileges are required for the domain user who connects to the domain?

sivakumarm
New Member

Could anyone please help me to find out the AD privileges required for domain service account that splunk uses to connect and query active directory database.

0 Karma

DenM
Explorer

Hello @sivakumarm , 

In the Splunk side you need for the Splunk Supporting Add-on for Active Directory the admin_all_objects capability to read storage passwords. The user has this capability by default. If you want to use the add on with the non-admin user, then you must have this capability added to its profile.

in the Microsoft side you only need a domain user (enough to discover the Active Directory)

You can find all the informations in the official documentation from Splunk for this add-on:

Configure the Splunk Supporting Add-on for Active Directory - Splunk Documentation

Regards

Den

scelikok
SplunkTrust
SplunkTrust

Hi,

Any Domain User account is enough for this add-on. There is no privilege required.

 

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote is appreciated.

ownion
Explorer

Hi @sivakumarm, I also need this information but I couldn't find anything in the documentation or online.

Have you fixed this problem? How?

A classic Domain User is enough?

 

Thanks.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!