Windows Server - Missing "memberof" ldap attribute
Asked By Chris
20-Nov-09 04:36 PM
We have users that are missing the "memberof" ldap attribute when they belong
to domain security groups. If you look in the ADUC, it shows the user is a
member of multiple groups. When you look at the user's LDAP attributes (using
3rd party tool Softerra LDAP browser), the "memberof" attribute is missing
altogether. Any ideas what might be happening? I do not see any errors in the
event logs.
I have domain admin permissions and that has no effect on whether it shows
or not. I have also created new IDs and it also has the same issue.
thanks,
Chris
Richard Mueller [MVP] replied to Chris
I am not familiar with the Softerra browser. What do you see when you use Joe
Richards' free adfind utility? For example, for user with "pre-Windows 2000
logon" name jsmith:
adfind -default -f "(sAMAccountName=jsmith)" memberOf
Note that the number of values in the memberOf attribute will always be one
less than the number of direct group memberships shown in ADUC, because the
user is a member of only their "primary" group, the memberOf attribute has
no values and technically nothing is saved in AD, so perhaps it appears
there is no memberOf attribute. Other tools you can use are ADSI Edit and
ldp.exe.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Chris replied to Richard Mueller [MVP]
Richard,
I used the tool and it does list the memberOf groups correctly. But we have
some third party apps that are not working correctly. I believe that when
these apps query for the LDAP attributes, it is not finding them
(specifically memberOf).
So when I used Softerra (which is free), I see that the memberOf attribute
is missing. I have also since found out that the useraccountcontrol is also
not listed.
I found an instance in which you responded to someone else having a similar
issue.
This is how they fixed the problem:
The group Authenticated Users needs the permission Read to be set to
'Allow'. All the user objects we have been missing from our query results do
not have this permission set. When this permission is set correctly they
appear in the results.
Might this be my issue, and how would I verify this? I am looking in the ADUC
with Advanced Features and this group is set. Is it something else?
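
One way to check the permission described in the quoted fix, as an added example that is not part of the thread: the function below sorts the ReadProperty ACEs held by Authenticated Users on a user object into "all attributes", "scoped to one attribute or property set" and "deny". The function name, the placeholder GUID and the sample ACEs are constructed for illustration; the trustee name assumes an English-language system.

```powershell
Add-Type -AssemblyName System.DirectoryServices

function Get-ReadPropertyFinding {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Ace,
        [string] $Identity = 'NT AUTHORITY\Authenticated Users'
    )
    $readBit = [int][System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
    # Keep only ACEs for the chosen trustee that include ReadProperty
    # (GenericRead contains that bit as well).
    $hits = @($Ace | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        (([int]$_.ActiveDirectoryRights -band $readBit) -ne 0)
    })
    $allow = @($hits | Where-Object { $_.AccessControlType -eq 'Allow' })
    $deny  = @($hits | Where-Object { $_.AccessControlType -eq 'Deny' })
    # An empty ObjectType GUID means the ACE covers every attribute; any
    # other GUID limits it to a single attribute or property set.
    $all    = @($allow | Where-Object { $_.ObjectType -eq [guid]::Empty })
    $scoped = @($allow | Where-Object { $_.ObjectType -ne [guid]::Empty })
    New-Object psobject -Property @{
        Identity         = $Identity
        AllowAllProps    = ($all.Count -gt 0)
        ScopedAllowGuids = @($scoped | ForEach-Object { $_.ObjectType })
        DenyCount        = $deny.Count   # any Deny ACE needs a closer look
    }
}

# Constructed sample ACEs (not taken from a real directory): one read ACE
# scoped to a placeholder GUID and one ReadControl ACE without ReadProperty.
$au    = New-Object System.Security.Principal.NTAccount('NT AUTHORITY\Authenticated Users')
$rp    = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$rc    = [System.DirectoryServices.ActiveDirectoryRights]::ReadControl
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$guid  = [guid]'00000000-0000-0000-0000-000000000001'   # placeholder GUID
$sample = @(
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($au, $rp, $allow, $guid)),
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($au, $rc, $allow))
)
Get-ReadPropertyFinding -Ace $sample   # AllowAllProps is False for this sample

# Against a live domain (requires the ActiveDirectory module):
#   Import-Module ActiveDirectory
#   $dn = (Get-ADUser jsmith).DistinguishedName
#   Get-ReadPropertyFinding -Ace @((Get-Acl "AD:\$dn").Access)
```

If AllowAllProps is False, Authenticated Users can read only the attributes covered by the GUIDs in ScopedAllowGuids, so compare the result for an affected user with one that the third-party application reads correctly.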
