I have osquery running multiple queries on windows...
# fleet
s
I have osquery running multiple queries on windows machines periodically, and sending the results to a kafka instance. I want to collect an Active Directory dump of users and groups using osquery. Querying the built-in 'users' table contains insufficient information for my use. I suppose the canonical way is to find or create an extension, but that would potentially take a long time for me to figure out. Is there a way to achieve this through Scripts? I suppose I can upload a powershell script to fleet and run it programmatically at a set interval. But how to run the script such that the results are sent to my kafka using the built-in osquery kafka producer? Any other ideas? Thanks!
f
Can you provide some more context as to which info you want or what is missing from users? Maybe other tables can provide it and a join would get you where you want to be.
s
Hi, yes, I would like info such as whether the account is enabled, failed login count, etc., things that are available through the AD powershell modules, for example.