Download and configure the Splunk Add-on for Microsoft Active Directory
The Splunk Add-on for Microsoft Active Directory is available on Splunkbase. When you download and deploy the add-ons to domain controllers, the add-ons collect Active Directory data and send it to Splunk App for Windows Infrastructure indexers.
More information about the Active Directory add-ons
The following table lists details about the Active Directory add-on.
|Splunk_TA_microsoft_ad||For Active Directory domain controllers that run Windows Server 2008, 2008 R2, 2012 R2 and later. Requires the Splunk Add-on for PowerShell.|
Download the Splunk Add-on for Microsoft Active Directory
The Splunk Add-ons for Microsoft Active Directory and PowerShell are available on Splunkbase.
Download the add-on package and save it to an accessible place on the deployment server:
- In a web browser, proceed to the Splunk Add-on for Active Directory download page.
- Click the download link to begin the download process. You might need to sign in with your Splunk account before the download starts.
- When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.
- Repeat this process for the Splunk Add-on for PowerShell.
- Use an archive utility such as WinZip to unarchive the file to an accessible location.
Configure the Splunk Add-on for Microsoft Active Directory
The Splunk Add-on for Microsoft Active Directory do not require any configuration edits by default. When you deploy them onto Active Directory domain controllers, they immediately begin collecting data as long as you have configured audit policy.
You have downloaded the Splunk Add-on for Microsoft Active Directory. The next step involves deploying those add-ons into the universal forwarders that you install on your Active Directory domain controllers.
Configure PowerShell Execution policy in Active Directory
Deploy the Splunk Add-on for Microsoft Active Directory
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (EOL): 1.3.0, 1.4.0