All Apps and Add-ons

Splunk Add-on for Microsoft Active Directory vs Splunk Supporting Add-on for Active Directory ? Whats the difference ?

damode
Motivator

I have Splunk Supporting Add-on for Active Directory 2.1.4 already installed.

I noticed with Splunk Add-on for Microsoft Windows 6.0.0, it also includes Splunk Add-on for Windows Active Directory version 1.0.0 and DNS add-on.

are both add-ons required at the same or should I uninstall Splunk Supporting Add-on for Active Directory 2.1.4 ?

richardphung
Communicator

From what I can tell, the Splunk Add-on for Microsoft Windows 6.0.0 (which includes Windows Active Directory 1.0.0) do different things than the Splunk Supporting Add-on for AD (2.1.4)...

The Splunk Add-On for Microsoft Windows 6.0.0 is a TA, which offers indexing and extraction of Microsoft Windows Event Logs (and now AD Logs via WinEventMon:\Security- type stanzas)...

The Supporting Add-On is an SA--- which offers some functionality, particularly, SA-LDAPSearch..., which includes things like ldapfilter, ldapfetch, etc.

https://docs.splunk.com/Documentation/SA-LdapSearch/3.0.0/User/AbouttheSplunkSupportingAdd-onforActi...

0 Karma

richardphung
Communicator

And also, the Supporting Add-On for AD can technically do any LDAP search, doesn't necessarily have to be AD.

You just need a server and bind credentials, certificate, etc.

0 Karma

damode
Motivator

ok so basically, I should keep the SA-LDAP add-on as it is and upgrade to latest windows add-on.
Thanks for clarification.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...