Forum Discussion
Display user role in AD
hello, I'm creating a query to display AD accounts activity. Such as account creation. I would like to see who has reacted an account (With caller command) I would like to see Users role as well...
Thanks for the information provided!
Will let you know what was the outcome.
Thanks one more time.
Arnold
Hello,
I have managed to gather some code but sadly it's not providing info needed in the alert itself.
Code itself is straight forward:
AuditLogs
| where OperationName == "Add user"
| extend userPrincipalName_ = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)
| extend userPrincipalName2_ = tostring(TargetResources[0].userPrincipalName)
| extend AccountCustomEntity = userPrincipalName_
| extend AccountCustomEntity2 = userPrincipalName2_
It does generate info needed in the logs tab. Such as who performed activity userPrincipalName_ and who was impacted userPrincipalName2_.
But when I add this query to alert it only generates userPrincipalName_ name only.
I want to see who performed what based on OperationName and who was impacted.
Maybe you can assist me here as well?
thanks in advance,
Arnold
Arnold