Missing AD attributes: "memberof"
I have a problem with newly created users. When I add the user to a domain security group, it shows to be OK through ADUC. But when I view the user attributes with an LDAP viewer (Softera LDAP browser), the "memberOf" attribute isn't listed. So I then checked a few other users and noticed it was missing there as well. It exists for some users but not others. Is there any reason why this attribute would be missing? I have domain admin rights and can't seem to figure out why some have the attribute and others don't.
November 21st, 2009 12:15am

First, are you connecting to the same DC for both ADUC and the LDAP browser? Make sure to specify the same DCs for direct comparison.

More information:

1) The memberOf attribute is only present if the user is a member of a group in addition to the user's PRIMARY group.
2) The user's primary group is stored in the primaryGroupID attribute as a number (the relative ID of that group - 513 by default).
3) The Domain Users group is the default primary group. If this is the only group a user is a member of, then the memberOf attribute will not exist. Add the user to another group.
4) Replication... make sure to connect to the same DC for comparison, or force replication.
November 21st, 2009 12:39am

So when I used Softera (which is free) I see that the memberOf attribute is missing. I also have since found out that the userAccountControl is also not listed. It doesn't matter what DC you connect to; they all show the same behaviour. The reason this attribute is relevant is because when you integrate 3rd-party apps, they are unable to view group membership. And because group membership cannot be read, permissions are not working like they should.

This is how I fixed the problem: the group Authenticated Users needs the permission Read to be set to 'Allow'. All the user objects we've been missing from our query results do not have this permission set. When this permission is set correctly they appear in the results. When I went back to using the LDAP browser from Softera, it now returns the attributes that were previously missing.

So somewhere along the way, someone modified the default attributes for AD (not knowing what the ____ they were doing, just that the Everyone group was listed and decided to take it out) and that is what caused the issue.
February 12th, 2010 3:56am
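An added check, not from either poster, that ties the two explanations in this thread together: it reports whether a user's empty memberOf is simply primary-group-only membership (RID 513, never listed in the memberOf back-link) or whether Authenticated Users has lost its Read permission on the object, which is what hid memberOf and userAccountControl from the LDAP browser here. It assumes the RSAT ActiveDirectory module on a domain-joined session; the user name is a parameter.

```powershell
# Added example (not from the thread). Assumes RSAT ActiveDirectory module.
param([Parameter(Mandatory)][string]$SamAccountName)

Import-Module ActiveDirectory

$user = Get-ADUser -Identity $SamAccountName `
    -Properties memberOf, primaryGroupID, userAccountControl, nTSecurityDescriptor

# primaryGroupID holds only the RID; the group's SID is <domain SID>-<RID> (513 = Domain Users).
$domainSid    = (Get-ADDomain).DomainSID.Value
$primaryGroup = Get-ADGroup -Identity "$domainSid-$($user.primaryGroupID)"

"User:               $($user.DistinguishedName)"
"Primary group:      $($primaryGroup.Name) (RID $($user.primaryGroupID))"
"userAccountControl: $($user.userAccountControl)"
"memberOf entries:   $($user.memberOf.Count)"
if ($user.memberOf.Count -eq 0) {
    # memberOf is a back-link of group 'member' values; the primary group is never listed in it.
    "  -> none; membership in the primary group alone does not populate memberOf."
}

# Now the ACL on the user object: does Authenticated Users (S-1-5-11) still hold Read?
$readFlag = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$aces = $user.nTSecurityDescriptor.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-5-11' }

$hasRead = $false
foreach ($ace in $aces) {
    # An all-zero ObjectType means the ACE covers every attribute, not a single property.
    $scope = if ($ace.ObjectType -eq [Guid]::Empty) { 'all properties' } else { "property $($ace.ObjectType)" }
    "ACE: $($ace.AccessControlType) $($ace.ActiveDirectoryRights) on $scope (inherited: $($ace.IsInherited))"
    if ($ace.AccessControlType -eq 'Allow' -and $ace.ObjectType -eq [Guid]::Empty -and
        $ace.ActiveDirectoryRights.HasFlag($readFlag)) { $hasRead = $true }
    if ($ace.AccessControlType -eq 'Deny') { "  -> explicit Deny for Authenticated Users; review this ACE." }
}
if (-not $hasRead) {
    "WARNING: no Allow ACE grants Authenticated Users ReadProperty on all attributes of this object."
    "         Non-admin binds (e.g. third-party LDAP integrations) will not see memberOf or userAccountControl."
}
```

Run it as an account that can read the security descriptor; the ACL finding, not what your own admin session sees, is what explains the behaviour of other binds.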
