Results 1 to 5 of 5

Thread: Active Directory Users missing attribute

  1. #1
    Join Date
    Mar 2012
    Posts
    6

    Active Directory Users missing attribute

    Hello everyone,

    I am writing a script that retrieves some Active Directory users, and writes them to a text-file. In this script, i used a filter to retrieve only the users which have the 'PasswordNeverExpires' attribute. I've learned that this attribute, along with others, is stored in the 'userAccountControl' attribute.

    When i checked our AD users in an LDAP browser, i noticed that 80% of our users don't have a userAccountControl attribute, thus also no 'PasswordNeverExpires' ?! Then i checked some users in Server Manager, and they all do have the PasswordNeverExpires property enabeled, so no problem there. Does anybody know how this is possible?

    I also noticed that all our users who do have a 'userAccountControl' attribute, are in an administrator group. Could this have something to do with that? Our LDAP runs on a Windows 2008 server.

    Many thanks in advance,

  2. #2
    Join Date
    Dec 2007
    Posts
    1,736

    Re: Active Directory Users missing attribute

    Can you look in MMC options, Active Directory Users and Computers, from 2008 server, then there is an Advanced box in one of the menus. Once you enable that, you get an extra tab on each user, where you can see all the attributes in the list, so make sure. Then via ADSI Edit MMC you can look at the schema definition and see what the ldap name is. It is possible that the LDAP name is not quite what you would expect. Hope that helps you out.

  3. #3
    Join Date
    Mar 2012
    Posts
    6

    Re: Active Directory Users missing attribute

    Hi James,

    First of all, thank you so much for your help. I enabled the Advanced Features box like you said, and now i can see every attribute a user has.
    I've noticed that all our users do have an userAccountControl attribute, i just couldn't see them before.

    I'm still dealing with an issue though. My script can't retrieve those users from AD, of which i first couldn't see their UAC attribute. So i can retrieve the names of all administrators, but when i try to retrieve the name of a normal user, my script fails with an error (The directory property cannot be found in the cache). Perhaps you know what could be causing this?

    Many thanks in advance,
    Last edited by tim.creemers; 27-03-2012 at 02:11 PM.

  4. #4
    Join Date
    Nov 2011
    Posts
    659

    Re: Active Directory Users missing attribute

    I'm still dealing with an issue though. My script can't retrieve those users from AD, of which i first couldn't see their UAC attribute. So i can retrieve the names of all administrators, but when i try to retrieve the name of a normal user, my script fails with an error (The directory property cannot be found in the cache). Perhaps you know what could be causing this?
    Can you just post a small part of the script that is failing so that i can have a better idea of the issue you are facing and will try to help you with the same.

  5. #5
    Join Date
    Mar 2012
    Posts
    6

    Re: Active Directory Users missing attribute

    I just found the problem. In my script, i execute a query on our ldap. I didn't insert credentials in my adodb connection, causing the query to be executed by a default user, and this default user didnt have the required permissions to retrieve the users. So i inserted credentials of an admin user, and the problem was solved. Thanks everyone for looking into my problem!

Similar Threads

  1. Auditing users on Active Directory server
    By poke147 in forum Active Directory
    Replies: 3
    Last Post: 09-09-2014, 05:19 PM
  2. how add value to new attribute created in active directory
    By hiltonfg in forum Software Development
    Replies: 1
    Last Post: 14-12-2010, 07:15 AM
  3. Displaying expiry dates of users in Active Directory
    By jkinga in forum Windows Software
    Replies: 3
    Last Post: 05-03-2009, 02:32 AM
  4. Replies: 1
    Last Post: 09-10-2007, 02:23 AM
  5. Replies: 1
    Last Post: 18-05-2006, 01:31 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,631,024.37657 seconds with 16 queries