Active Directory LDAP query result always missing attributes that are known to exist

Question

This is a problem Im currently stumped on, a user profile has an attribute 'EmployeeID' that appears when viewing that user with AD Explorer, so data exists, eg value of 12345. Now when I pull that user profile via LDAP, using a tool like Apache Studio, most attributes are returned, but not all, eg EmployeeID. I've experienced the same thing in other LDAP client apps. So the problem appears specific to an LDAP client versus 'API' calls.

The same credentials were used in all cases, so its not a permissions issue...

Has anyone seen this before or have a clue as to how to enable access to that attribute via LDAP?

Answer 1

I encountered a similar problem - my LDAP query was not returning all of the properties I was expecting to see. Properites were missing which would show up in AD Explorer. My problem was that I was mistakenly binding to the global catalog (ie. using the GC: moniker instead of LDAP:, in my query). GC queries are intended to be fast, so the global catalog only includes a partial set of properties for AD objects. Switching to the LDAP: moniker instead of GC: resolved my issue, returning the properties that had previously been missing.

For more information:

Binding to the Global Catalog

Binding to Active Directory Domain Services

Answer 2

If you look in MMC, Active Directory Users and Computers, from 2008 server, then there is an Advanced box in one of the menus. Once you enable that, you get an extra tab on each user, where you can see all the attributes in the list, so make sure

Then via ADSI Edit MMC you can look at the schema definition and see what the ldap name is. It is possible that the LDAP name is not quite what you would expect.