
I do not have access to the “employeeID” attribute of the “Active Directory” users through “C#”


I do not have access to the "employeeID" attribute of "Active Directory" users through "C#". I verified that the users have a value in the "employeeID" attribute in the same "Active Directory", but the "C#" code does not access this attribute. I have also validated with the software "Softerra LDAP Administrator 2019.1" and it does not show it either.

The fact is that the client I work for has given me his VPN to access his network through Forticlient, and he has given me credentials to access his "Active Directory". I have succeeded in listing all the users and other general properties, but I cannot access the "employeeID" attribute.

using System;
using System.DirectoryServices;

class Program
    {
        static string ldapGeneral = "figssd.com.pe";
        static string ldapAD = "LDAP://112.128.123.18:3258/dc=figssd,dc=com,dc=pe";
        static string userAD = "saraoconner@figssd.com.pe";
        static string paswoordAD = "GDsds123";

        static void Main(string[] args)
        {
            LeerPropiedades();
            Console.WriteLine("Final");
            Console.ReadLine();
        }

        static void LeerPropiedades()
        {
            try
            {
                DirectoryEntry searchRoot = createDirectoryEntry();
                DirectorySearcher searcher = new DirectorySearcher(searchRoot, "(&(objectClass=user)(objectCategory=person))");
                searcher.PropertiesToLoad.Add("cn");
                searcher.PropertiesToLoad.Add("employeeID");
                searcher.SearchScope = SearchScope.Subtree;
                searcher.PageSize = 1000; // Setting the PageSize value to 1000 will return all objects.
                SearchResultCollection results = searcher.FindAll();

                foreach (SearchResult item in results)
                {
                    if (item.Properties["employeeID"].Count > 0)
                    {
                        Console.Write("/");
                        Console.WriteLine(Convert.ToString(item.Properties["employeeID"][0]));
                    }
                }
            }
            catch (Exception ex)
            {
                // Show the underlying failure instead of hiding it behind a generic message.
                Console.WriteLine("Error: " + ex.Message);
            }
        }
        static DirectoryEntry createDirectoryEntry()
        {
            DirectoryEntry ldapConnection = new DirectoryEntry(ldapGeneral);
            ldapConnection.Path = ldapAD;
            ldapConnection.Username = userAD;
            ldapConnection.Password = paswoordAD;
            ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
            return ldapConnection;
        }
}

Could someone who knows tell me if it's a permissions issue?


I wonder if you're querying the Global Catalog?

You normally query a domain controller on ports 389 (for LDAP) and 636 (for LDAPS). This gives you access to all attributes for all objects in the domain. The Global Catalog (GC) has a subset of attributes for all users in the forest so can be useful when there are several domains in a forest. To query the GC, you use ports 3268 (for LDAP) and 3269 (for LDAPS) on a domain controller which is also a Global Catalog server.

employeeID is not normally replicated to the GC. You can check this using the 'Active Directory Schema' MMC SnapIn. Open the attribute Properties and look for Replicate this attribute to the Global Catalog.
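
The check described in the answer can also be done from code. The following is an added example, not part of the original question or answer: it tests whether a bind path targets the Global Catalog and reads the schema flag `isMemberOfPartialAttributeSet` for an attribute over LDAP port 389. The class name, the command-line arguments, the `AD_BIND_PASSWORD` environment variable and the `dc=example,dc=test` path are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text.RegularExpressions;

static class GcAttributeCheck
{
    // True when the ADsPath binds to a Global Catalog: GC:// provider or port 3268/3269.
    public static bool TargetsGlobalCatalog(string adsPath)
    {
        if (adsPath.StartsWith("GC://", StringComparison.OrdinalIgnoreCase)) return true;
        Match m = Regex.Match(adsPath, @"^LDAP://[^/:]+:(\d+)", RegexOptions.IgnoreCase);
        return m.Success && (m.Groups[1].Value == "3268" || m.Groups[1].Value == "3269");
    }

    // Reads isMemberOfPartialAttributeSet from the attribute's schema object.
    // An absent value means the attribute is not replicated to the GC.
    public static bool IsReplicatedToGc(string server, string user, string password, string attribute)
    {
        // Reject anything that is not a plain attribute name before it reaches the LDAP filter.
        if (!Regex.IsMatch(attribute, @"^[A-Za-z][A-Za-z0-9-]*$"))
            throw new ArgumentException("Invalid attribute name", nameof(attribute));
        const AuthenticationTypes auth = AuthenticationTypes.Secure;
        using (var rootDse = new DirectoryEntry("LDAP://" + server + "/RootDSE", user, password, auth))
        {
            string schemaNc = (string)rootDse.Properties["schemaNamingContext"].Value;
            using (var schema = new DirectoryEntry("LDAP://" + server + "/" + schemaNc, user, password, auth))
            using (var searcher = new DirectorySearcher(schema,
                "(&(objectClass=attributeSchema)(lDAPDisplayName=" + attribute + "))",
                new[] { "isMemberOfPartialAttributeSet" }, SearchScope.OneLevel))
            {
                SearchResult hit = searcher.FindOne();
                if (hit == null) throw new ArgumentException("No schema attribute named " + attribute);
                ResultPropertyValueCollection v = hit.Properties["isMemberOfPartialAttributeSet"];
                return v.Count > 0 && Convert.ToBoolean(v[0]);
            }
        }
    }

    static void Main(string[] args)
    {
        // Assumptions: args[0] = domain controller host name, args[1] = bind user;
        // the password is read from the AD_BIND_PASSWORD environment variable.
        string server = args[0], user = args[1];
        string password = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");
        string path = "LDAP://" + server + ":3268/dc=example,dc=test"; // constructed sample path
        Console.WriteLine("Path targets GC: " + TargetsGlobalCatalog(path));
        Console.WriteLine("employeeID replicated to GC: " + IsReplicatedToGc(server, user, password, "employeeID"));
    }
}
```

If the second line prints `False` while the path targets the GC, searching the same base DN on port 389 (or 636 for LDAPS) returns the full attribute set for objects in that domain.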
