Hello guys
Hope you are doing great!
I want to configure a query, some guys are disabled in AD and also, in Splunk ES when i open the Identity Investigatior it is showing also a disabled (cn=*,ou=disabled,ou=united,ou=accounts,dc=global,dc=ual,dc=com)
But in users it showing his role on under the roles but it should be need to sho as no_access,
Now I want build a query and create a alert
Can you please help me on this
Ani