I have a similar problem as well. I have a Splunk Indexer 6.2.5 running on Windows 2008 and a DC with UF running on Windows 2012 R2, with the SH being a deployment server. My main problem is not seeing data from the Active Directory Computer, Users and Groups. I have followed the Windows Infrastructure app manual by the book, and I have implemented several suggestions I read in several posts out here, such as adding the winfra-admin and windows-admin roles to the "admin" user I log in with, and also adding msad, wineventlog, and windows to the default index searched by the winfra-admin role, but the ActiveDirectory data is still not showing up in the Win Infrastructure and the Search App. Also, I do not see a source type of MSAD in the search app, and the list below shows everything my search app is showing:
ACTIVE DIRECTORY
MSAD:NT6:Health
MSAD:NT6:SiteInfo
Powershell:ScriptExecutionErrorRecord
Powershell:ScriptExecutionSummary
WMI:WinEventLog:Security
WinEventLog:Security
WinEventLog:System
WinNetMon
I did note, however, that the 'Powershell:ScriptExecutionErrorRecord' sourcetype returned the two types of errors listed below:
ParentIdentity="eb8ab918-cc33-4051-80a5-985cf6851b2b" ErrorIndex="0" ErrorMessage="The server has returned the following error: invalid enumeration context." PositionMessage="At C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-DomainController-2012R2\bin\powershell\siteinfo.ps1:7 char:8 + $DC = Get-ADDomainController -Identity $ServerName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" CategoryInfo="NotSpecified: (WIN-MAIN-DC-VM:ADDomainController) [Get-ADDomainController], ADException" FullyQualifiedErrorId="ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADDomainController" Exception="Microsoft.ActiveDirectory.Management.ADException: The server has returned the following error: invalid enumeration context. ---> System.ServiceModel.FaultException: Invalid Enumeration Context specified in the request. --- End of inner exception stack trace --- at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowException(AdwsFault adwsFault, FaultException faultException) at Microsoft.ActiveDirectory.Management.AdwsConnection.Search(ADSearchRequest request) at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOperations.Search(ADSessionHandle handle, ADSearchRequest request) at Microsoft.ActiveDirectory.Management.ADObjectSearcher.PagedSearch(Object& pageCookie, Boolean& hasSizeLimitExceeded, Int32 pageSize, Int32 sizeLimit) at Microsoft.ActiveDirectory.Management.ADObjectSearchResultEnumerator.System.Collections.IEnumerator.MoveNext() at Microsoft.ActiveDirectory.Management.Commands.ADDirectoryServerFactory 1.ResolveIdentityToNTDSSettingsDN(T identityObj, ICollection 1 propertiesToFetch, Boolean checkForDCs, ADObject& computerObj, ADObject& serverObj, ADObject& ntdsDSAObj) at Microsoft.ActiveDirectory.Management.Commands.ADDomainControllerFactory 1.GetExtendedObjectFromIdentity(T identityObj, String identityQueryPath, ICollection 1 propertiesToFetch, Boolean showDeleted) at 
Microsoft.ActiveDirectory.Management.Commands.ADGetCmdletBase 3.ADGetCmdletBaseProcessCSRoutine() at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke() at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase 1.ProcessRecord()" InnerException="System.ServiceModel.FaultException: Invalid Enumeration Context specified in the request."
ParentIdentity="8b61175d-2253-4ded-a83e-cd573c864ba3" ErrorIndex="0" ErrorMessage="A local error has occurred" PositionMessage="At C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-DomainController-2012R2\bin\powershell\siteinfo.ps1:7 char:8 + $DC = Get-ADDomainController -Identity $ServerName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" CategoryInfo="NotSpecified: (WIN-MAIN-DC-VM:ADDomainController) [Get-ADDomainController], ADException" FullyQualifiedErrorId="ActiveDirectoryServer:8251,Microsoft.ActiveDirectory.Management.Commands.GetADDomainController" Exception="Microsoft.ActiveDirectory.Management.ADException: A local error has occurred ---> System.ServiceModel.FaultException 1[schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADDomainControllerFault]: The lightweight directory access protocol (LDAP) operation failed. Server stack trace: at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.TopologyManagement.GetADDomainController(GetADDomainControllerRequest request) at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADDomainController(GetADDomainControllerRequest request) --- End of inner exception stack trace --- at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowException(CustomActionFault caFault, FaultException 
faultException) at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADDomainController(GetADDomainControllerRequest request) at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADTopologyManagement.GetADDomainController(ADSessionHandle handle, GetADDomainControllerRequest request) at Microsoft.ActiveDirectory.Management.ADTopologyManagement.GetDomainController(String[] dcNtdsSettingsDN) at Microsoft.ActiveDirectory.Management.Commands.ADDomainControllerFactory 1.GetExtendedObjectFromIdentity(T identityObj, String identityQueryPath, ICollection 1 propertiesToFetch, Boolean showDeleted) at Microsoft.ActiveDirectory.Management.Commands.ADGetCmdletBase 3.ADGetCmdletBaseProcessCSRoutine() at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke() at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase 1.ProcessRecord()" InnerException="System.ServiceModel.FaultException 1[schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADDomainControllerFault]: The lightweight directory access protocol (LDAP) operation failed. (Fault Detail is equal to schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADDomainControllerFault).
PLEASE, any guidance in resolving this problem will be greatly appreciated. I have been working on this for over 3 weeks.