How to generate a list of users and Active Directo...

mlevsh · ‎04-19-2017

Can someone advice on the Splunk search to generate the list of users and associated Active Directory (AD) groups? We are using SAML authentication based on AD groups.

Thank you!

brreeves_splunk · ‎04-19-2017

Do you want this to be based on the SAML response? or their full list of AD Groups in Active Directory?

woodcock · ‎04-19-2017

You need this app to mine assets from AD

https://splunkbase.splunk.com/app/3059/

adonio · ‎04-19-2017

maybe something like this for starters:

 index=<yourIndex> sourcetype=<youtSourcetype> CN=Schema objectCategory=* 
    | dedup distinguishedName 
    | stats list(cn) by DC OU

start with verbose search so you can see all the fields you would like to report on
also, it is not clear from the question if you are looking for users who use splunk or to all users in your company connected to AD?
I would assume you are looking for users who are in splunk since you mentioned SAML. If that is the case, probably use @cusello answer above and join results from ad search (here) by the field user
hope it helps

jpolcari · ‎04-19-2017

I've had pretty good luck using this Splunk app: https://splunkbase.splunk.com/app/3177/

Allows you to build lookup tables for users, groups, OUs, etc.

gcusello · ‎04-19-2017

Hi mlevsh
try something like this:

| rest /services/authentication/users

Bye.
Giuseppe

mlevsh · ‎04-19-2017

@cusello Hi Giuseppe, this endpoint shows type of authentication, not the actual AD group

How to generate a list of users and Active Directory groups?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!