You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-server/windows-security/confidential-attributes-unexpected-behavior-using-windows-server-2025-dc.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,9 +20,9 @@ This article discusses new requirements for using LDAP clients to access confide
20
20
21
21
When you search for or edit Active Directory Domain Services (AD DS) objects, you notice the following behaviors:
22
22
23
-
- When you run a Lightweight Directory Access Protocol (LDAP) search request against a Windows Server 2025-based DC, the resulting attribute list doesn't include confidential attributes. However, if you run the same LDAP query against a Windows Server 2022-based DC (or a DC that runs an older version of Windows Server), you obtain a full attribute list in the response.
23
+
- When you run a Lightweight Directory Access Protocol (LDAP) search request against a Windows Server 2025-based DC, the resulting attribute list doesn't include confidential attributes. However, if you run the same LDAP query against a DC that runs on Windows Server 2022 or earlier, you obtain a full attribute list in the response.
24
24
25
-
- When you run an LDAP update request that adds or modifies confidential attribute values against a Windows Server 2025-based DC, the update request fails and returns an `INSUFF_ACCESS_RIGHTS` error. If you run the same LDAP update request against a Windows Server 2022-based DC (or a DC that runs an older version of Windows Server), the update request succeeds.
25
+
- When you run an LDAP update request that adds or modifies confidential attribute values against a Windows Server 2025-based DC, the update request fails and returns an `INSUFF_ACCESS_RIGHTS` error. If you run the same LDAP update request against a DC that runs on Windows Server 2022 or earlier, the update request succeeds.
26
26
27
27
### Example - Search results omit confidential attributes
28
28
@@ -48,7 +48,7 @@ Writing out entries.
48
48
49
49
However, when you review the exported list, you find the "cn" attribute but not the "ms-Mcs-AdmPwd" attribute.
50
50
51
-
When you target the query to a DC that runs an older version of Windows, the resulting exported list includes both "cn" and "ms-Mcs-AdmPwd."
51
+
When you target the query to a DC that runs an earlier version of Windows, the resulting exported list includes both "cn" and "ms-Mcs-AdmPwd."
52
52
53
53
The following table summarizes the behavior across different client and server versions.
0 commit comments