IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Core AD Query Content (Version 3.1)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. This article documents changes between releases of Core AD Query Content, formerly known as "Active Directory Query"

Important

Any Scheduled Actions running the Collect Active Directory Info package need to be recreated (or updated if using Platform 7.5 and Console 3) to recognize the updated package after any update of Core AD Query Content. These Scheduled Actions must be run with a Distribute Over Time (DoT) value in order to offset LDAP queries to Domain Controllers - the recommended DoT is 3 hours.

Core AD Query Content 3.1.8

Release Date: February 22, 2022

Improvements

  • improvements to cmd.exe usage

Fixes

  • Last Logged in User sensor no longer fails on non en-US machines
  • Last Run Status now correctly reports failed message

Core AD Query Content 3.1.4

Release Date: November 2, 2021

NOTE: As always any scheduled actions that push the "Collect Active Directory Info" package need to be recreated in order for the collected data to match the current version of this solution.

Fixes

  • Corrected a case sensitivity issue in "AD Query Computer Group Memberships" and "AD Query Computer Has Group Membership" sensors.
  • Corrected an issue with the "AD Query - Has Stale Results" sensor not returning True/False results
  • Corrected an issue causing user's in trusted domains from being reported correctly
  • Corrected an issue causing the inventory process to abruptly fail
  • Corrected an issue causing unresolvable SIDs to incorrectly be identified as a user or group
  • Corrected an issue causing unresolved SIDs to display an empty string instead of their SID
  • Corrected a typo in the "AD Query - Has Stale Results" sensor

Enhancements

  • Reduced the max age limit of user profiles limit to reduce the number of outdated profiles being processed
  • Improved handling of "Not enough time has elapsed" messages in the AD Query - Last Run Status sensor
  • The inventory process has added checks to verify failed inventory actions are not re-run
  • The inventory process no longer uses the last modified date of a user profile to determine the last logon date for a user
  • Added an ability to pre-stage domain info
  • Event Log data is now used to supplement certain user and domain data. *Requires the Event Log to be configured to record successful user logon events
  • Improved inventory run time reporting

Known Issues

  • The "AD Query - Last Run Status" sensor will incorrectly return "Script failed for unknown reasons" if a prior inventory run completes without error and the following inventory run is too soon.

Core AD Query Content 3.1.3

Release Date: February 23, 2021

NOTE: As always any scheduled actions that push the "Collect Active Directory Info" package need to be recreated in order for the collected data to match the current version of this solution.

Fixes

  • Corrected an issue allowing certain domain group types to be included in local group inventory on Domain Controllers.
  • Corrected an issue in the AD Query - User Has Group Membership sensor that caused it to incorrectly return a True result if a searched name was part of another group having a longer name that contained the searched name.
  • Corrected an issue causing the AD Query - Has Stale Result sensor to fail user inventory age.
  • Corrected an issue preventing xml elements in the inventory file to be updated if an additional computer or user attribute had its character case changed when new inventory collection actions were run.
  • Corrected an issue with "AD Query - Has Stale Results" results on non-English Windows installs.

Enhancements

  • Added an inventory cleanup process to remove objects that have not been inventoried in more than 45 days.
  • Improved Primary User detection to no longer include secondary logons.
  • The AD Query - Has Stale Results sensor now includes an additional check to verify the inventory file was last updated by the current content version. This helps customers determine if they are running outdated scheduled actions that reference a out of date Collect Active Directory Info package version.

Other

  • Removed support for reporting results from legacy inventory files (compAttr.xml, localGroups.xml, and userAttr.xml) which were left remaining on endpoints when Core ADQuery Content version 3 was released. Leaving these files in place provided the following benefits:
  • Sensors were still able to return valid results in the time period following the upgrade to the version 3 content and the next time an endpoint ran the version 3 Collect Active Directory Info package.
  • Any customers who had custom content were granted a time window to migrate their custom content that referenced the legacy inventory files to now reference the new version 3 inventory file.

Notes

  • The legacy inventory files will be removed the next time an endpoint runs the Collect Active Directory Info package version 3.1.2.
  • Sensors in this release will now only return results from the new version 3 inventory file. This provides customers better notification of any endpoints which are not completing their inventory cycle.

Core AD Query Content 3.1.1

Release Date: December 3, 2020

Improvements

  • Improve handling of Azure AD based users

Fixes

  • Correct an issue causing the inventory process to fail when the Event Log query returns a large amount of data.
  • Correct an issue causing the name resolution randomization to fail and having name resolution occur for all objects every time the inventory process ran.

Core AD Query Content 3.1.0

Release Date: October 20, 2020

Fixes

  • Improve resiliency when converting binary object SIDs to string format
  • Improve resiliency when directly binding to domain objects

Feature Improvements

  • Fix logging of unsupported inventory attributes
  • Add macOS support to the "AD Query - Primary User Details" and "AD Query - Has Stale Results" sensors
  • Add Windows and macOS "Primary User Email Addresses" sensor
  • All reading computer properties

Supported Tanium Platforms

Tanium Server 7.2, 7.3, 7.4

Product Documentation and Resources