
Splunk App for Windows Infrastructure: Why am I getting error "invalid attribute type in attribute list: msDS-PrincipalName" when running change or audit reports?

barrycuda72
Explorer

I am trying to use the Splunk App for Windows Infrastructure to track changes to AD groups and users.
Running on a Windows 2003 domain. I have installed the latest version of the app and the correct TA add-on for 2003 domains.
However, when I run any of the built-in change or audit reports, it errors out with "invalid attribute type in attribute list: msDS-PrincipalName".
As far as I can tell, this is an Active Directory attribute in AD 2008 and higher.

0 Karma

malmoore
Splunk Employee

Hi guys,

Please file a support ticket to have someone triage the issues you are experiencing. The sooner you do this, the sooner we can determine if it is a bug.

The msDS-PrincipalName attribute does not exist in Windows Server 2003 Active Directory services.

0 Karma

satishsdange
Builder

Your problem might be related to the "known issue" below:

http://docs.splunk.com/Documentation/MSApp/1.1.2/MSInfra/Releasenotes

Current known issues
The Splunk App for Windows Infrastructure has the following known issues:

In certain cases, the app setup prerequisite check prevents you from proceeding even though all prerequisite checks have passed. To work around the problem, confirm that the Splunk Add-on for Windows and the Splunk Supporting Add-on for Active Directory (SA-LDAPSearch) have been activated (and not just installed) in the Apps page in Splunk Web. (TAG-9012)

0 Karma

barrycuda72
Explorer

I checked and I had previously activated that app and it passed the self test. The prerequisite check finds everything and processes just fine.

0 Karma

malmoore
Splunk Employee

Can you provide a screenshot of this error? Thanks.

0 Karma

barrycuda72
Explorer

I would send a screenshot if I could figure out how to put it here. As an FYI, I built an entire new Splunk server and followed these steps to the letter: http://docs.splunk.com/Documentation/MSApp/1.1.2/MSInfra/Releasenotes

Here is what is in the "New Search" box
|secrpt-large-groups(domain,100)

Here is the error message
⚠ External search command 'ldapgroup' returned error code 1. Script output = " ERROR "LDAPAttributeError at ""C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\ldap3\operation\search.py"", line 315 : invalid attribute type in attribute list: msDS-PrincipalName" "

0 Karma

sihamUfp
New Member

I have the same problem.

0 Karma