All Apps and Add-ons

Why are there no results found for expired accounts and disabled account reports?

Karl12347
New Member

Hello

We have recently setup the Spunk App for Windows Infrastructure to monitor our Active Directory.
We are receiving the AD audit information from the daily changes etc, however the reports such as Expired accounts or Disabled accounts do not work, no results are found.

I have checked the configuration within Splunk Support for Active Directory and the test comes back as successful.

Struggling to work out where the issue lies?

Would appreciate some help / advice.

Thanks
Karl Forster

0 Karma

alemarzu
Motivator

Hi @Karl12347

Did you check your Audit Policies ? Perhaps you are not auditing those events.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...