Missing Attribute from Active Directory

Document ID : KB000009042
Last Modified Date : 14/02/2018
Issue:

We have an Active Directory user store using the LDAP namespace.  Everything is working as expected, except one of the user attribute values is being set to null in responses despite that attribute existing with a value for all AD users.

Environment:
All supported releases of Single Sign On Policy Server
Active Directory user stores
Cause:

The user store was configured to use port 3269, which is the Global Catalog port. By default, not all user attributes are replicated to the Global Catalog, so this particular user attribute was not available when connecting to the Global Catalog port.

Resolution:

Either configure Active Directory to replicate this attribute to the Global Catalog, or use the default LDAP port (636 for secure connections) instead of the Global Catalog port.
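
To confirm this cause before changing the user store port or the schema, the following added example (not part of the original document or the product) checks whether an attribute is flagged for Global Catalog replication and reads the same user from both the domain partition and the Global Catalog. The function name `Test-GcAttribute` and the sample attribute, account and server names are assumptions; it requires the ActiveDirectory PowerShell module.

```powershell
# Added diagnostic example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-GcAttribute {
    param(
        [Parameter(Mandatory)] [string] $AttributeName,    # lDAPDisplayName of the missing attribute
        [Parameter(Mandatory)] [string] $SamAccountName,   # user known to have a value for it
        [Parameter(Mandatory)] [string] $DomainController  # a DC that also hosts the Global Catalog
    )

    # 1. Schema check: the attributeSchema object carries the flag that
    #    controls replication to the Global Catalog (partial attribute set).
    $schemaNc = (Get-ADRootDSE -Server $DomainController).schemaNamingContext
    $attr = Get-ADObject -Server $DomainController -SearchBase $schemaNc `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttributeName))" `
        -Properties isMemberOfPartialAttributeSet
    if (-not $attr) { throw "Attribute '$AttributeName' was not found in the schema." }

    # 2. Read the same user from the full domain partition and from the
    #    Global Catalog. Port 3268 is the non-SSL Global Catalog port; it
    #    exposes the same partial attribute set as port 3269.
    $filter     = "(sAMAccountName=$SamAccountName)"
    $fromDomain = Get-ADUser -Server $DomainController -LDAPFilter $filter `
        -Properties $AttributeName
    $fromGc     = Get-ADUser -Server "${DomainController}:3268" -LDAPFilter $filter `
        -Properties $AttributeName

    # An unset flag is treated as False (attribute not replicated to the GC).
    [pscustomobject]@{
        Attribute              = $AttributeName
        InPartialAttributeSet  = [bool]$attr.isMemberOfPartialAttributeSet
        ValueFromDomain        = $fromDomain.$AttributeName
        ValueFromGlobalCatalog = $fromGc.$AttributeName
    }
}

# Placeholder values (assumptions); substitute your own attribute, user and DC.
Test-GcAttribute -AttributeName 'employeeID' -SamAccountName 'jdoe' `
    -DomainController 'dc01.example.com'
```

If `InPartialAttributeSet` is False and `ValueFromGlobalCatalog` is empty while `ValueFromDomain` is populated, the result matches the cause described above.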