Splunk® App for Windows Infrastructure (Legacy)

Splunk App for Windows Infrastructure Reference

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Active Directory Overview (Topology Report)

Exch 30 adoverview.png

This topic discusses the "Active Directory Overview (Topology Report)" page.

Overview

The Topology Report displays a view of all of the AD forests, domains, and domain controllers known to the Splunk App for Windows Infrastructure at the present time. You can return to this dashboard at any time by selecting Active Directory > Active Directory Overview'.

The Topology Report page splits into two halves, upper and lower. The upper half of the page is a selection panel which allows you to choose the forests, sites, domains, and domain controllers that the Splunk App for Windows Infrastructure knows about.

The lower half of the page displays additional information based on what you select on the upper half. It displays detailed information on the domain controllers in the selected forest and domain, and includes the following statistics:

  • The host name of the domain controller (DC).
  • The AD site that the DC belongs to.
  • The operating system and version of Windows the server runs.
  • The AD Flexible Single Master Operation (FSMO) role(s) the server holds.
  • Information on the Directory Service Agent (DSA) options available for the DC.
  • Information on the status of the AD services that the machine runs.
  • Information on whether or not the server has registered itself in DNS.
  • Information on whether or not the machine's SYSVOL share is available on the network.

In this dashboard, icons in the "Masters Roles" column indicate the operations master roles for each server.

Icon Role Description
FSMOroles-S.png Schema Master The Schema Master controls all updates to the Active Directory's schema, then replicates it to all other domain controllers in the forest. There can be only one Schema Master in an entire forest.
FSMOroles-D.png Domain Naming Master The Domain Naming Master controls the naming of all domains within the forest. It is the only domain controller that can add or remove domains from Active Directory. As such, only one Domain Naming Master can be present in a forest.
FSMOroles-R.png Relative ID Master The Relative ID Master domain controller maintains the relative ID (RID) resource pool and is responsible for allocating RIDs to other domain controllers within a domain when they are requested during the creation of security principle objects like users and groups. There can only be one RID Master in a domain.
FSMORoles-P.png PDC Emulator Master This domain controller emulates the Primary Domain Controller (PDC) role for a domain and handles time synchronization across the domain. It also handles various PDC duties (such as password changes, account lockouts and GPO manipulation) for domains which have both Windows Server 2000 and Server 2003 domain controllers present. Only one PDC emulator can be present in a domain.
FSMORoles-I.png Infrastructure Master The Infrastructure Master handles updates to the security identifier (SID) and distinguished name (DN) of an object that is cross-referenced by another object in another domain. There can only be one Infrastructure Master in a domain.

The DSA options are listed as icons under the "DSA Options" column:

  • A globe indicates that the server is a Global Catalog (GC).
  • A padlock indicates that the server is a Read-only Domain Controller (RODC).

How to use this page

You can click on any domain controller in the list to get additional information about that domain controller. See Domain Controller status for more details.

You can limit the number of domain controller objects displayed by selecting the Show n entries list box on the left. You can also search for a specific string (such as the name of a domain controller) by typing in the string in the Search: field on the right.

Last modified on 14 December, 2014
Active Directory Reports   Domain Health Issues

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.3.0, 1.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters