All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk App for Windows Infrastructure: Why am I getting error "invalid attribute type in attribute list: msDS-PrincipalName" when running change or audit reports?

barrycuda72
Explorer
‎03-02-2015 08:18 AM

I am trying to use the Splunk App for Windows Infrastructure to track changes to AD groups and users.
Running on a Windows 2003 domain. I have installed the latest version of the app and the correct TA add-on for 2003 domains.
However when run any of the built-in change or audit reports it errors out with "invalid attribute type in attribute list: msDS-PrincipalName"
As far as I can tell this is an Active Directory attribute in AD 2008 an higher.

0 Karma
Reply

malmoore
Splunk Employee
Splunk Employee
‎04-21-2015 05:11 PM

Hi guys,

Please file a support ticket to have someone triage the issues you are experiencing. The sooner you do this, the sooner we can determine if it is a bug.

The msDS-PrincipalName attribute does not exist in Windows Server 2003 Active Directory services.

0 Karma
Reply

satishsdange
Builder
‎03-03-2015 01:54 AM

Your problem might be related to below "known issue"

http://docs.splunk.com/Documentation/MSApp/1.1.2/MSInfra/Releasenotes

Current known issues
The Splunk App for Windows Infrastructure has the following known issues:

In certain cases, the app setup prerequisite check prevents you from proceeding even though all prerequisite checks have passed. To work around the problem, confirm that the Splunk Add-on for Windows and the Splunk Supporting Add-on for Active Directory (SA-LDAPSearch) have been activated (and not just installed) in the Apps page in Splunk Web. (TAG-9012)

0 Karma
Reply

barrycuda72
Explorer
‎03-06-2015 11:24 AM

I checked and I had previously activated that app and it passed the self test. The prerequisite check finds everything and processes just fine.

0 Karma
Reply

malmoore
Splunk Employee
Splunk Employee
‎03-06-2015 04:03 PM

Can you provide a screenshot of this error? Thanks.

0 Karma
Reply

barrycuda72
Explorer
‎03-09-2015 12:22 PM

I would send a screen shot if I could figure out how to put it here. As an fYI I built an entire new Splunk server and followed these steps to the letter http://docs.splunk.com/Documentation/MSApp/1.1.2/MSInfra/Releasenotes

Here is what is in the "New Search" box
|secrpt-large-groups(domain,100)

Here is the error message
⚠ External search command 'ldapgroup' returned error code 1. Script output = " ERROR "LDAPAttributeError at ""C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\ldap3\operation\search.py"", line 315 : invalid attribute type in attribute list: msDS-PrincipalName" "

0 Karma
Reply

sihamUfp
New Member
‎04-21-2015 02:49 AM

i have the same problem

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...