Solved: Active Directory monitor not enumerating existing ...

erga00 · ‎07-02-2010

I've enabled the Active Directory monitoring module. I'm getting events as objects are modified but I would expect that there would be an initial scan of all objects so that entries for changed objects can be compared to their original value. Another useful byproduct of scanning all objects is that you can then add useful data like department, address, etc to search results.

The documentation doesn't mention anything about it and there isn't anything in the specs for admon.conf so this might be an enhancement request but I thought I'd ask in case someone else has gotten it to work.

I'm running 4.1.2 by the way.

EDIT:
I've confirmed that this bug is fixed in 4.1.4.

the_wolverine · ‎07-02-2010

Yes, unfortunately, this is a bug in ADMonitor. It'll be fixed in 4.1.4.

ADMonitor does not index all baseline events (SPL-32393)

View solution in original post

the_wolverine · ‎07-02-2010

Yes, unfortunately, this is a bug in ADMonitor. It'll be fixed in 4.1.4.

ADMonitor does not index all baseline events (SPL-32393)

erga00 · ‎07-02-2010

Thanks. Is there an ETA on 4.1.4?

Active Directory monitor not enumerating existing objects

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]