I am working on a Data Analytics project. In this project i have to read logs from Active Directory and then need to do further processing on that logs.
I have to insert that logs into a Kafka Topic.
Now i am not able to understand that how can i get logs from active directory? is there any connector for it? I gone through below link but not able to understand anything with this -
https://learn.microsoft.com/en-us/windows/desktop/wec/windows-event-collector
https://learn.microsoft.com/en-us/windows/desktop/wec/windows-event-collector
If anyone has any link related to it then it will be really helpful to me.
Azure Directory has report feature.
Audit logs https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs
Sign in logs https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
Risk sign-ins https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins
Risk events https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events
users at risk https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-user-at-risk
You can use report api to get the logs. You can also archive azure ad logs to an Azure storage account.
You can check all the logs related to Active Directory in the Event Viewer, or if you want to get the file location where logs are actually stored, so you can get these file in [C:\Windows\System32\winevt\Logs] directory.
Related
I am using Microsoft Graph API to read emails (/users/{id | userPrincipalName}/messages) in the mailboxes of the users in my Azure active directory. I have noticed that for some users, I get this error:
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: REST API is not yet supported for this mailbox.
Upon investigation, I found out that these users do not have a valid license and also don't have a mailbox attached to them. Ideally, I would like to only fetch the users that have a mailbox enabled. I tried checking the assignedLicenses property of each user and only fetch emails for those users that have a valid license assigned to them but, I'm not sure if this is a reliable method as users might have some other license and still not have a mailbox enabled.
Can someone please suggest a straightforward way to only fetch the users that have mailboxes attached? Any help or hint shall be highly appreciated.
I don't see much options from Microsoft Graph perspective. Definitely checking the license is one good way, but you may not have much options with that. Being said that i see the following options,
you may need to use mailboxsettings API call of the user. This way you can get and update the mailbox settings of the user.
Also you can use Get-mailbox Exchange Powershell cmdlet to validate the same as well.
We are working to publish more data to our Active Directory address book.
We would like to know if there are any strategies to monitor when users or applications perform an LDAP query against Active Directory to read data.
How would we configure our domain controllers to log these sorts of events?
Is monitoring these types of LDAP queries even achievable through Windows Event Logs?
An example of a query we would like monitored or logged is when an account pulls a list of all User objects in Active Directory.
Please let me know.
You can use Wireshark to capture the LDAP requests and report from there, if your requests are encrypted you will have to configure Wireshark accordingly
An alternative would be to use Active Directory Collector sets in Performance Monitor as explained in this article which seems to show LDAP queries, but the article gets technical fast!
I hit the below error when trying to insert the permission
"code": 403,
"message": "The authenticated user has not granted the app xxx write access to the child file xxx, which would be affected by the operation on the parent"
Here is what I am doing
We have two Google Account,
1. API Account - we used to create folder and change the ownership to Business account
2. Business Account - upload a file
now we try to share to folder to customer and we hit the above error
And here I using OAuth 2.0 Installed Applications to get the access token.
Please advise what is wrong I am doing here
I had the same issue but I realize that its because of the scope for credential wasn't setup properly. I only had DriveScopes.DRIVE_METADATA set which was not enough for downloading files. Once I added DriveScopes.DRIVE_FILE, DriveScopes.DRIVE, and DriveScopes.DRIVE_APPDATA, I was able to download the file without any problem. Hope this helps.
P.S. if you are changing credentials, you have to delete the previously saved credential file.
Based on the Official Google Documentation you received '403: The user has not granted the app' because the request is not on the ACL for the file. The user never explicitly opened the file with this Drive app.
It is highly recommended to use Google Open Picker and prompt the user to open the file or direct the user to Drive to open the file with the app.
My app uses the Drive rest API and the Drive Realtime API in combination. We set the file's permissions so that the public has view access, and then emailed a link to it to a few thousand customers.
The file's permissions are set so that the public has view access, but:
When a user tries to open the realtime document, we get Drive Realtime API Error: not_found: File not found.
When a user tries to copy the non-realtime file, we get The authenticated user has not granted the app 689742286244 write access to the file 0B-NHh5QARZiUUFctN0Zjc3RKdWs (of course we are not asking to write
You can see the effects for yourself at https://peardeck.com/editor/0B-NHh5QARZiUUFctN0Zjc3RKdWs , and our embarrassing attempts to cover for the errors.
Interesting notes:
Sharing the file directly with a particular google account seems to lift the curse, and then that google account can find the file like normal. No extra permissions, just an explicit reference to a google account.
Setting the file so that the public has full write access seems to have no effect
Other files with the exact same settings in the exact same Drive folder can be opened successfully (but presumably have not been opened by so many people in the past). This makes me think there is some broken state within Google.
How can I avoid this? What's going on?(!?!?) Thanks for any help!
The realtime API does not support anonymous access. All users must have a Google account and be explicitly authorized to view or write to the file.
I'm following these instructions on how to set a CORS configuration on a Google Cloud Storage bucket and when I run the gsutil cors set command it returns the following error message:
AccessDeniedException: 403 The account for bucket "[REDACTED]" has been disabled.
For the record, I have access to the bucket. I have owner privileges for this project in the Developer Console. Running gsutil cp and gsutil ls work just fine.
Any ideas on what might be wrong here?
I'm answering my question because I found the solution for this issue. I hope this helps anyone else who runs into this, because at the time there was little info on the web describing to how to solve this.
It turns out that my user account did not have "owner" access to the bucket. Here are the steps I took to grant myself access:
1) First, navigate to your project's Cloud Storage Browser in the Developer Console.
2) Once you see a listing of the buckets that are linked to your project, check the box next to the bucket(s) you'd like to modify the permissions for and then click the "Bucket Permissions" button.
3) Next, add your user account to the list of permitted users. Set the permission level to "owner". Click the "Save" button when you're done.
You should have access to the bucket now, which means you won't run into any 403 errors. If you are, you did not set the entity correctly or are using a different account when you authenticated with gsutil. Double-check your work and try again.
Just providing another tip in case others find themselves in the same situation I did. Make sure to log in with the correct google account using gcloud auth login. This can be a tricky detail if there are multiple Google accounts.