This is specific to the Microsoft Active Directory and Windows
Collector.

_*History:*_

Some events (only know of 4740 so far) don't include all information
needed for 'IdT' (https://www.netiq.com/products/identity-tracking/) to
attach the event to a user (username, domainname, and tenant). In the
case of 4740, the domainname is missing.

_*Solution:*_

The temporary solution is to have the Collector map the available SID to
the TargetUserName(dun) / TargetUserDomain(rv45) until such time as NetIQ
provides a permanent solution to the "enhancement request".

So, I've been looking at Norbert's 'Cool Solution'
(http://tinyurl.com/oga4bz3) for mapping SIDs as a basis.

My question is, if I change dun/rv45 to use my map based on
TargetUserID(tuid), does the original dun/rv45 value pass through if it
doesn't match in the map or is it stripped? I would like to only change
Record.prototype.parse_4740 rather than every single event ID... but if
I have to, I have to.


------------------------------------------------------------------------
ScorpionSting's Profile: https://forums.netiq.com/member.php?userid=469
View this thread: https://forums.netiq.com/showthread.php?t=53002