This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Can someone help me with the Microsoft Windows AD data integration?

Posted on 09-20-2023 12:56 AM
Roberto_Del
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello, I'm having issues with this integration https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-windows-ad . It seems like if NXLog is running, the export file is locked and the script cannot delete/write the file itself. So it doesn't work

0 1 213
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
RanjithHegdeK
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Change the directory and filename in the below given script,

# Set the location where the log file will be written
$OUTPUT_DIRECTORY = "file directory"
$OUTPUT_FILENAME = "filename"
$OUTPUT_PATH = Join-Path -Path $OUTPUT_DIRECTORY -ChildPath $OUTPUT_FILENAME

# Remove the existing output file if it exists
If (Test-Path -Path $OUTPUT_PATH) { Remove-Item -Path $OUTPUT_FILENAME -ErrorAction SilentlyContinue }

# USER_CONTEXT: Gets all Active Directory users and their properties.
Get-ADUser -Filter * -properties samAccountName | % { Get-ADUser $_.SamAccountName -properties * | ConvertTo-JSON -compress | Out-File -encoding utf8 $OUTPUT_PATH -Append }

# ASSET_CONTEXT: Gets all Active Directory assets and their properties.
Get-ADComputer -Filter * -properties samAccountName | % { Get-ADComputer $_.SamAccountName -properties * | ConvertTo-JSON -compress | Out-File -encoding utf8 $OUTPUT_PATH -Append }

0 Likes
Top Solution Authors
View all