ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB976063

When you run an LDAP query against a Windows Server 2008-based domain controller, you obtain a partial attribute list

When you run a Lightweight Directory Access Protocol (LDAP) query against a Windows Server 2008-based domain controller, you obtain a partial attribute list. However, if you run the same LDAP query against a Windows Server 2003-based domain controller, you obtain a full attribute list.

Note: You can run this query from the domain controller or from a client computer that is running Windows Vista or Windows Server 2008.

The user account that you use to run the LDAP query has the following properties:

  • The account is a member of the built-in Administrators group.
  • The account is not the built-in administrator account.
  • The account is a member of the Domain Admins group.
  • The discretionary access control list (DACL) of the user object contains full control permission for the Administrators group.
  • The effective permissions of the object that you query against shows that the user has full control permission.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB976063.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts