AD Administrator Audit
The Administrator Audit dashboard displays information about Active Directory user objects, and includes specifics on:
- Active Directory record.
- Group Membership.
- Accounts that were locked out after failing to log on properly.
- Failed logons by the selected user.
How to use this page
In the selection panel, choose the domain whose user audit data you want to display from the Account Domain drop-down list. You must select a domain to get information on user account activity within that domain.
You can further narrow down your search by typing the name of a valid user object in the User Account field. If you type '*' (asterisk), the Splunk App for Windows Infrastructure searches against all users.
You can also control how much data is displayed by selecting a time range in the time range picker on the upper left side of the dashboard.
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4