Re: Splunk Supporting Add-on for Active Directory:...

sivakumarm · ‎03-02-2018

Could anyone please help me to find out the AD privileges required for domain service account that splunk uses to connect and query active directory database.

DenM · ‎01-04-2021

Hello @sivakumarm ,

In the Splunk side you need for the Splunk Supporting Add-on for Active Directory the admin_all_objects capability to read storage passwords. The user has this capability by default. If you want to use the add on with the non-admin user, then you must have this capability added to its profile.

in the Microsoft side you only need a domain user (enough to discover the Active Directory)

You can find all the informations in the official documentation from Splunk for this add-on:

Configure the Splunk Supporting Add-on for Active Directory - Splunk Documentation

Regards

Den

scelikok · ‎01-04-2021

Hi,

Any Domain User account is enough for this add-on. There is no privilege required.

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

ownion · ‎01-04-2021

Hi @sivakumarm, I also need this information but I couldn't find anything in the documentation or online.

Have you fixed this problem? How?

A classic Domain User is enough?

Thanks.

Splunk Supporting Add-on for Active Directory: What privileges are required for the domain user who connects to the domain?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes