Splunk® App for Microsoft Exchange (EOL)

Deploy and Use the Splunk App for Microsoft Exchange

On October 22 2021, the Splunk App for Microsoft Exchange will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Microsoft Exchange.

Configure PowerShell Execution policy in Active Directory

Note: If you are using TA-Windows version 6.0.0 or later then you don't need TA_AD and TA_DNS, as they are merged with TA-Windows. To configure TA-Windows v6.0.0, Please refer to Deploy and configure the Splunk Add-on for Windows version 6.0.0 or later.

Enable local PowerShell script execution

The Splunk Add-ons for Microsoft Exchange, Microsoft Active Directory, and Windows DNS contain PowerShell scripts that run on the AD (domain controllers and DNS) and Exchange hosts in your Exchange Server environment. You must configure the domain controllers to allow local execution of PowerShell scripts so that they can run.

All versions of Windows Server after Windows Server 2008 SP2 have PowerShell 2.0 installed by default. All versions of Windows Server 2012 have PowerShell 3.0 installed by default. You might need to install Windows Management Framework on Windows Server 2003 family computers.

Download Windows Management Framework

  1. If required, download Windows Management Framework (http://support.microsoft.com/kb/968929) from Microsoft's Support site and install it.
  2. If required, download the Administrative Templates (.admx) for your version of Microsoft Windows from the [Microsoft Download Center https://www.microsoft.com/en-us/download/], then copy PowerShellExecutionPolicy.adml and PowerShellExecutionPolicy.admx file into your Administrative Templates folder (default location is %systemroot%\PolicyDefinitions).

Note: All versions of Windows Server 2008 (except Core) and later have the required templates for PowerShell installed.

Create a GPO to change Active Directory PowerShell execution policy

  1. Create a new Active Directory GPO:
  2. Open the GPO for editing.
  3. In the GPO editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell.
  4. Right-click "Turn on script execution", then select "Edit".
  5. In the window that appears, click the "Enabled" radio button.
  6. In the "Execution Policy" drop-down, select Allow local scripts and remote signed scripts.
  7. Click "OK" to accept the changes.
  8. Close the Group Policy Object editor to save your changes.
  9. Deploy the GPO.

Monitor GPO updates to the domain

After you have deployed the GPOs, it can take up to 120 minutes before Active Directory applies the GPOs to the domain. If you want to deploy the GPOs faster, you must run the GPUPDATE /force command on every computer upon which you want to update Group Policy.

Next Step

Download and configure the Splunk Add-ons for Microsoft Active Directory

Last modified on 06 October, 2021
Configure Active Directory audit policy   Download and configure the Splunk Add-on for Microsoft Active Directory

This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 4.0.4

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters