What is the most suggested way to pull data from Active Directory?
We need to input Active Directory's user information for event correlation.
Thanks Gurus~!
Wow - answering a year old query.
Set up a temporal lookup based on the Windows Security Log (which you will need to ingest from the domain controllers). You can use http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j to figure out the EventCode that you need to read for the user logons.
Note that most Windows systems use Kerberos "pre-authentication" to do authentication. So the logon events are not necessarily obvious. Just take a look at the events and extract the username and domain (preferably as the CIM compliant fields user and src_nt_domain).
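The temporal lookup described in the answer above, sketched as an added example that is not part of the original post: logon events are indexed by source address and time, and a later event is attributed to the most recent user seen at that address. The event codes 4768 (Kerberos TGT request) and 4624 (logon), the `src` field name, the 8-hour window and the sample events are assumptions chosen for illustration.

```python
import bisect
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already parsed into fields (not real log data).
# 4768 = Kerberos TGT requested, 4624 = successful logon, 4634 = logoff.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T08:00:05", "EventCode": 4768, "user": "alice",
     "src_nt_domain": "CORP", "src": "::ffff:10.0.0.5"},
    {"time": "2024-03-01T08:00:06", "EventCode": 4768, "user": "WKS01$",
     "src_nt_domain": "CORP", "src": "::ffff:10.0.0.5"},
    {"time": "2024-03-01T13:30:00", "EventCode": 4624, "user": "bob",
     "src_nt_domain": "CORP", "src": "10.0.0.5"},
    {"time": "2024-03-01T09:15:00", "EventCode": 4634, "user": "carol",
     "src_nt_domain": "CORP", "src": "10.0.0.9"},
]
LOGON_CODES = {4768, 4624}  # assumption: codes treated as user logons here

def build_lookup(events):
    """Return {src_ip: time-sorted list of (time, user, src_nt_domain)}."""
    table = defaultdict(list)
    for ev in events:
        if ev["EventCode"] not in LOGON_CODES or ev["user"].endswith("$"):
            continue  # skip non-logon events and machine accounts
        src = ev["src"]
        # 4768 reports IPv4 clients in IPv4-mapped form (::ffff:a.b.c.d)
        ip = src[len("::ffff:"):] if src.startswith("::ffff:") else src
        table[ip].append((datetime.fromisoformat(ev["time"]),
                          ev["user"], ev["src_nt_domain"]))
    for rows in table.values():
        rows.sort()
    return table

def resolve_user(table, src_ip, when, max_offset=timedelta(hours=8)):
    """Most recent logon from src_ip at or before `when`, within max_offset."""
    rows = table.get(src_ip, [])
    idx = bisect.bisect_right([r[0] for r in rows], when) - 1
    if idx < 0 or when - rows[idx][0] > max_offset:
        return None  # no logon yet, or the last one is too old to trust
    return {"user": rows[idx][1], "src_nt_domain": rows[idx][2]}

if __name__ == "__main__":
    lookup = build_lookup(SAMPLE_EVENTS)
    print(resolve_user(lookup, "10.0.0.5", datetime(2024, 3, 1, 9, 0, 0)))
```

The offset window matters on networks with DHCP or shared workstations: without it, an address keeps being attributed to whoever logged on last, however long ago.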
A good starting point would be the documentation, specifically Monitor Active Directory in the Admin manual.