
ADQuery 2.1.0.0001 jp

From Tanium Knowledge Base


Introduction: ADQuery

Download Location

This content is available at: https://content.tanium.com/files/published/ADQuery/2018-03-26_08-32-13_2.1.0.0001-ga35c996/ADQuery.xml

Usage

Questions

AD Query - All Windows

Get Is Windows from all machines

AD Query - Has Stale Computer Results

Get AD Query - Has Stale Results[Computer, 4] from all machines with AD Query - Has Stale Results[Computer, 4] containing "True"
Packages:

AD Query - Has Stale Local Administrator Results

Get AD Query - Has Stale Results[Admin, 4] from all machines with AD Query - Has Stale Results[Admin, 4] containing "True"
Packages:

AD Query - Has Stale Results

Get Target from all machines with ( AD Query - Has Stale Results[Computer, 4] containing "True" or AD Query - Has Stale Results[User, 4] containing "True" or AD Query - Has Stale Results[Admin, 4] containing "True" )
Packages:

AD Query - Has Stale User Results

Get AD Query - Has Stale Results[User, 4] from all machines with AD Query - Has Stale Results[User, 4] containing "True"
Packages:

Packages

Collect Active Directory Info

This package contains 1 file and 0 sensors.

Additional Properties:

  • Command Line: cmd /c cscript //T:300 collectAdInfo.vbs "$1" "$2" "$3"
  • Command Line Timeout: 300

Prompts:

Name / Value Prompt Help Type Possible / Default Values
Collect Computer Attributes Checkbox Disabled
Collect User Attributes Checkbox Disabled
Collect Local Group Memberships Checkbox Disabled

Files:

  • collectAdInfo.vbs

Sensors

AD Query - Logged In User Details

Returns details for the currently logged-on user.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Columns

Name | Type | Description
Name | Text |
Department | Text |
Country | Text |
City | Text |
Email | Text |
Phone Number | Text |

AD Query - Computer Groups

The distinguishedName of any Active Directory groups the computer is explicitly a member of (no nested groups). Also returns the computer's Primary Group. The group is returned from the memberOf attribute and is in RFC 1779 format (CN=TestGroup,OU=Sales,DC=MyDomain,DC=com).

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

AD Query - Local Groups

Returns the names of all local groups. No group members are returned.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

AD Query - Computer Group Memberships

All Active Directory groups the computer is a member of, both explicitly and implicitly. Nested groups are also returned. The group is returned in NT format (SomeDomain\SomeGroup).

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

AD Query - Primary User Groups

The distinguishedName of Active Directory group memberships for the computer's primary user. The groups returned are those which the user is explicitly a member of (no nested groups). Also returns the user's Primary Group. The group is returned from the memberOf attribute and is in RFC 1779 format (CN=TestGroup,OU=Sales,DC=MyDomain,DC=com).

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

AD Query - Local Group Membership

Returns local groups and their members. To return all groups, specify All. Input accepts a single group name or a comma-delimited list of multiple names. Dependent on the AD Query content pack.

Columns

Name | Type | Description
Group | Text |
Member | Text |
Location | Text |
Type | Text |

Parameters

Name | Description | Type | Possible / Default Values
Groups | Group(s) | Text | Administrators

AD Query - Computer Has Group Membership

Returns True if the computer is a member of the Active Directory group.
Returns False if no match was found.

The group may be specified in groupname or domain\groupname syntax.
Multiple groups may be specified if separated by a comma. Ex: group,corp\group

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Parameters

Name | Description | Type | Possible / Default Values
Groups | Groups | Text |

AD Query - Primary User Group Memberships

All groups the primary user of the computer is a member of, both explicitly and implicitly. Nested groups are also returned. The group is returned in NT format (SomeDomain\SomeGroup).

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

AD Query - User Group Memberships

All groups the specified user is a member of, both explicitly and implicitly. Nested groups are also returned. The result is returned in NT format as UserDomain\UserName|GroupDomain\GroupName.

User names may be specified in username or domain\username syntax.
Multiple users may be specified if separated by a comma. Ex: user,.\user,corp\user
Input 'all' into the Users field to return group membership of all inventoried users.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Columns

Name | Type | Description
User | Text |
Group | Text |

Parameters

Name | Description | Type | Possible / Default Values
Users | Users | Text |

AD Query - Primary User Details

Returns details for the primary user based on the number of interactive logon events.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Columns

Name | Type | Description
Name | Text |
Department | Text |
Country | Text |
City | Text |
Email | Text |
Phone Number | Text |

AD Query - Primary User

Returns the computer's primary user based on the number of interactive logon events.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

AD Query - Logged In User Group Memberships

All groups the logged-in user is a member of, both explicitly and implicitly. Nested groups are also returned. The group is returned in NT format (SomeDomain\SomeGroup).

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

AD Query - User Attributes

Returns specified attributes for the desired user.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Parameters

Name | Description | Type | Possible / Default Values
strUser | Active Directory Username | Text |
strAttr | Active Directory Attribute | Text |

AD Query - Local Administrators

Returns users and groups that are members of the local Administrators group.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Columns

Name | Type | Description
Name | Text |
Location | Text |
Type | Text |

AD Query - Has Stale Results

Returns a True/False value based on the time the AD Query XML files were generated and the time period after which the Active Directory data should be considered stale.

Parameters

Name | Description | Type | Possible / Default Values
type | AD Data Type | Selection | Computer, User, Groups
intHours | Hours Old | Numeric |

AD Query - User Has Group Membership

Returns True if the user is a member of the group.
Returns False if no match was found.

Input 'any' in the User field to test any inventoried user for membership.
The user may be a local account or an Active Directory account.
The user may be specified in username or domain\username syntax.
Multiple users may be specified when separated by a comma. Ex: user,.\localuser,corp\user

The group may be a local group or an Active Directory group.
The group may be specified in groupname or domain\groupname syntax.
Multiple groups may be specified if separated by a comma. Ex: group,.\group,corp\group

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Parameters

Name | Description | Type | Possible / Default Values
Users | Users | Text |
Groups | Groups | Text |

AD Query - Computer Attributes

Returns the value of the specified Active Directory attribute from the computer's Active Directory object.

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Parameters

Name | Description | Type | Possible / Default Values
strAttr | Active Directory Attribute | Text |

AD Query - Logged In User Groups

The distinguishedName of any Active Directory groups the user is explicitly a member of (no nested groups). Also returns the user's Primary Group. The group is returned from the memberOf attribute and is in RFC 1779 format (CN=TestGroup,OU=Sales,DC=MyDomain,DC=com).

This sensor is dependent on the AD Query content pack and will only return data after the Collect Active Directory Info package has completed an inventory.

Actions

Deploy Collect Active Directory Info


Packages: