Active directory support

This documentation applies to the following versions of Splunk: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10

Read, monitor and audit Microsoft Active Directory from within Splunk.

Baseline the Active Directory schema to detect changes and identify key fields for extraction from Active Directory changes and other Windows events.

Detect changes in all of Active Directory, or target specific trees, domains or OUs for comprehensive change detection and auditing.

Use the user and machine metadata stored in Active Directory (names, locations, phone numbers, etc.) to decorate other event data at search time using the list lookup feature. For an example, see the GUID-to-name translation event decorations and search-time function provided in the Windows app.

Revision: 207