First, the ADMonitoring.ini is incorrectly stated in the troubleshooting steps. I had this as the input in version 1.0, and didn't update the steps until the latest release.
For troubleshooting, you want to make sure that the only [admon://NearestDC] input specified is in the Splunk AddOn for Microsoft Active Directory. If you enabled the Active Directory input option during the Splunk Forwarder Installation, then remove it from the $SPLUNK_HOME/etc/apps/SplunkUniversalForwarder/local/inputs.conf file.
To see the admon://NearestDC input settings, and what directory it is set at, the run the following command from a command line in the bin directory:
splunk cmd btool inputs list admon://NearestDC --debug
This will show all the settings for the admon://NearestDC. The key pieces that you want to make sure are there are:
baseline = 1
disabled = 0
monitorSubtree = 1
... View more