
ResourceName - ADUser


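An example of the fields an ADUser resource record contains. In this sample, "userAccountControl": 514 is the sum of NORMAL_ACCOUNT (512) and ACCOUNTDISABLE (2), which matches the two entries listed under "propertyFlags":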

"@ADUser": {
    "cn": "Smith, Jeffrey",
    "createdOn": "2011-03-24T20:12:32Z",
    "customer": "us_abcd",
    "department": "123 - Janitorial",
    "description": "",
    "displayName": "Smith, Jeffrey",
    "distinguishedName": "CN=Smith\\, Jeffrey,OU=HR Notification,OU=ABCD Disabled Users,OU=ABCD,DC=us,DC=abcd,DC=com",
    "givenName": "Jeffrey",
    "lastLogon": "",
    "lastLogonTime": "0001-01-01T00:00:00Z",
    "msDSPrincipalName": "ABCD\\smithj",
    "name": "Smith, Jeffrey",
    "objectSid": "S-1-5-21-1210911605-682387052-1167487308-18158",
    "pluginName": "",
    "propertyFlags": [
      "ACCOUNTDISABLE",
      "NORMAL_ACCOUNT"
    ],
    "pwdLastSet": "0",
    "pwdLastSetTime": "1970-01-01T00:00:00Z",
    "sAMAccountName": "smithj",
    "sn": "Smith",
    "translation": {
      "agentID": "smithj",
      "asset": "Smith, Jeffrey",
      "ip": "",
      "source": "us_abcd",
      "username": "smith@abcd.com"
    },
    "updatedOn": "2022-01-10T09:20:18Z",
    "userAccountControl": 514,
    "userPrincipalName": "smith@abcd.com",
    "whenChanged": "20220110092018.0Z",
    "whenCreated": "20110324201232.0Z"
  },
  "@customer": "us_abcd",
  "@dayIndex": "20220829-21",
  "@key": "smithj",
  "@resource_type": "ADUser",
  "@source": "ldap",
  "@timestamp": 1661808676457,
  "@type": "resource"

An example of loading the resource and counting its records by username and by department:

// Counts ADUser resource records per translated username.
// Loads the ADUser resource, reads the "username" field from each record's
// "@ADUser.translation" object, and aggregates the number of records per
// distinct username into the count_username column.
// NOTE(review): no filter is applied after the load, so records for disabled
// accounts (propertyFlags containing ACCOUNTDISABLE, as in the sample record)
// are counted as well. Confirm that is intended before treating the totals
// as an inventory of active users.
function username()
    load resource ADUser
    // Destructure only the "username" key from the translation sub-object.
    let {username} = f("@ADUser.translation")
    aggregate count_username=count() by username
end

// Counts ADUser resource records per department.
// Loads the ADUser resource, reads the "department" field from the top level
// of each record's "@ADUser" object, and aggregates the number of records per
// distinct department into the count_department column.
// NOTE(review): as with username(), nothing excludes disabled accounts, and
// how records with an empty or missing department are grouped is not visible
// here. Verify both before relying on the per-department totals.
function department()
    load resource ADUser
    // Destructure only the "department" key from the ADUser object itself.
    let {department} = f("@ADUser")
    aggregate count_department=count() by department
end

// Run each function and bind its aggregated result to a stream of the same name.
stream username=username()
stream department=department()