Graylog with Active Directory


I am new in GrayLog, I am trying to set it up with AD. In the user Synchronization I do have:

Base DN: OU=users,dc=my,dc=server,dc=local

I want it to sync with users that are on a specific security groups.

Could yo tell me how can I set it up so graylog can get the users from 2 securitygroups and not from all users? I do not know how I can setup adding only the security groups.

Or if I can add the groups, How can I point it to users only?

in your search pattern you can put something like this:



So to add 2 security groups this is what it needs to be right? It looks bigger as my distinguishedname looks like that.

Search Base DN:

Search Pattern:
(&(objectClass=user)(sAMAccountName={0})(objectCategory=person)(memberOf=CN=mysecuritygroup1 & memberOf=mysecuritygroup2,OU=Groups,OU=Global,DC=mydc,DC=mydc,DC=mydc,DC=local))

Name Attribute: userPrincipalName

Full Name Attribute: displayName

Default Roles: Reader


Just to let you know that I have managed to make it work as expected. We can now log in with our AD accounts.


Great! Please mark the post that has the answer in it or post up what you did for a solution for future users to search against! :slight_smile:

The solution for my case:

As I wanted to search for users in two different security groups, below is the solution:

Search Pattern:

Mine looks bigger as my distinguishedname looks like that.
Always see your distiguishedname

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.