Map Extra Attributes to ADDS LDAP Interface?

BrettSh 1 Reputation point
2019-12-11T02:33:46.087+00:00

I have setup LDAPS by basically following these steps:

https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

Plus, I have created a service account that allows me to extract user information. However, I haven't figured out how to add further attributes. In particular, I would like to add userPrincipalName and employeeId.

Any suggestions?

Thanks in advance.

BrettSh

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,762 questions
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 55,231 Reputation points
    2019-12-13T08:15:50.587+00:00

    @BrettSh You can use LDP.exe on the computer where you have installed AD DS Tools.

    1. Run Nltest /dsgetdc: command and copy the DC name from the output.
    2. Run LDP.exe and click on Connection > Connect > Paste the DCName, use Port 636 and select SSL checkbox.
    3. Click on bind under connection menu and login using your service account.
    4. Click on Browse menu > Search and specify the parameters as highlighted below. In the output you will get UPN and Employee ID.
      alt text

    OR

    Download ADFind.exe from http://www.joeware.net/freetools/tools/adfind/ and run below command:

    AdFind.exe -h DC_Name:636 -b cn=users,dc=your_domain,dc=your_domain_suffix -f "objectcategory=person" userprincipalname name employeeID

    Note: Instead of cn=users you can specify OU=your_OU_name to search within specific OU or just specify domain's DN to perform domain wide search.

    -----------------------------------------------------------------------------------------------------------

    Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.