Custom search failed login for specific AD group

Hi akingbade.ajewole,

Your expression has a mistype, the correct one for Domain Admins group is

(ComputerType & 24 != 0) and member_of(Who, 'Domain Admins', true)

Also I have to say that the speed of such custom filter may be quite low, in my environment the calculation takes 3 seconds per one event.

Thanks for the reply. I changed to that and got no result after running for 3hrs.

Thanks for the reply. I changed to that and got no result after running for 3hrs.

Hi,

There might be several reasons for such result. Member_of is making direct live requests to AD of your domain. First, if the user under which you run RV and the events in the repository are not from the same forest/domain, using member_of has no sense, nothing will be found. The Second reason is opposite, you are in the same forest/domain and there is a huge amount of events that should be returned to a grid. As I mentioned earlier, the search may take unreasonable time. I agree that this combination (who + member_of) should have better performance, and I will create a change request on this. May I ask you also contact the official Quest support and create a ticket, this will speed-up the investigation and possible fix.

Thank you!

Thanks for the info. I tried support first and was told to use user forum. I will have to play around with it.