All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk App for Windows Infrastructure: Why am I getting error "invalid attribute type in attribute list: msDS-PrincipalName" when running change or audit reports?

barrycuda72
Explorer
‎03-02-2015 08:18 AM

I am trying to use the Splunk App for Windows Infrastructure to track changes to AD groups and users.
Running on a Windows 2003 domain. I have installed the latest version of the app and the correct TA add-on for 2003 domains.
However when run any of the built-in change or audit reports it errors out with "invalid attribute type in attribute list: msDS-PrincipalName"
As far as I can tell this is an Active Directory attribute in AD 2008 an higher.

0 Karma
Reply

malmoore
Splunk Employee
Splunk Employee
‎04-21-2015 05:11 PM

Hi guys,

Please file a support ticket to have someone triage the issues you are experiencing. The sooner you do this, the sooner we can determine if it is a bug.

The msDS-PrincipalName attribute does not exist in Windows Server 2003 Active Directory services.

0 Karma
Reply

satishsdange
Builder
‎03-03-2015 01:54 AM

Your problem might be related to below "known issue"

http://docs.splunk.com/Documentation/MSApp/1.1.2/MSInfra/Releasenotes

Current known issues
The Splunk App for Windows Infrastructure has the following known issues:

In certain cases, the app setup prerequisite check prevents you from proceeding even though all prerequisite checks have passed. To work around the problem, confirm that the Splunk Add-on for Windows and the Splunk Supporting Add-on for Active Directory (SA-LDAPSearch) have been activated (and not just installed) in the Apps page in Splunk Web. (TAG-9012)

0 Karma
Reply

barrycuda72
Explorer
‎03-06-2015 11:24 AM

I checked and I had previously activated that app and it passed the self test. The prerequisite check finds everything and processes just fine.

0 Karma
Reply

malmoore
Splunk Employee
Splunk Employee
‎03-06-2015 04:03 PM

Can you provide a screenshot of this error? Thanks.

0 Karma
Reply

barrycuda72
Explorer
‎03-09-2015 12:22 PM

I would send a screen shot if I could figure out how to put it here. As an fYI I built an entire new Splunk server and followed these steps to the letter http://docs.splunk.com/Documentation/MSApp/1.1.2/MSInfra/Releasenotes

Here is what is in the "New Search" box
|secrpt-large-groups(domain,100)

Here is the error message
⚠ External search command 'ldapgroup' returned error code 1. Script output = " ERROR "LDAPAttributeError at ""C:\Program Files\Splunk\etc\apps\SA-ldapsearch\bin\packages\ldap3\operation\search.py"", line 315 : invalid attribute type in attribute list: msDS-PrincipalName" "

0 Karma
Reply

sihamUfp
New Member
‎04-21-2015 02:49 AM

i have the same problem

0 Karma
Reply
Get Updates on the Splunk Community!

Changes to Splunk Instructor-Led Training Completion Criteria

We’re excited to share an update to our instructor-led training program that enhances the learning experience ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

❄️ Welcome the new year with our January lineup of Community Office Hours, Tech Talks, and Webinars! 🎉 ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...