Map Extra Attributes to ADDS LDAP Interface?

BrettSh 1 Reputation point

I have setup LDAPS by basically following these steps:

Plus, I have created a service account that allows me to extract user information. However, I haven't figured out how to add further attributes. In particular, I would like to add userPrincipalName and employeeId.

Any suggestions?

Thanks in advance.


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,753 questions
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 55,231 Reputation points

    @BrettSh You can use LDP.exe on the computer where you have installed AD DS Tools.

    1. Run Nltest /dsgetdc: command and copy the DC name from the output.
    2. Run LDP.exe and click on Connection > Connect > Paste the DCName, use Port 636 and select SSL checkbox.
    3. Click on bind under connection menu and login using your service account.
    4. Click on Browse menu > Search and specify the parameters as highlighted below. In the output you will get UPN and Employee ID.
      alt text


    Download ADFind.exe from and run below command:

    AdFind.exe -h DC_Name:636 -b cn=users,dc=your_domain,dc=your_domain_suffix -f "objectcategory=person" userprincipalname name employeeID

    Note: Instead of cn=users you can specify OU=your_OU_name to search within specific OU or just specify domain's DN to perform domain wide search.


    Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.