An application needs the sAMAccountName attribute populated in order to work. But I also want this LDS instance to be a synced subset of the AD DS catalog. The synchronization works unless I try to sync this attribute too. I have figured out that userProxyFull has this attribute missing from user (among others, of course).
I have manually modified the schema userProxyFull with the schema editor and added this attribute as an optional one. I have also restarted the LDS instance. The synchronization completes, there is no error in the log, and I have entries like these, which should mean the attribute is synchronized:
    Processing Entry: Page 1, Frame 1, Entry 69, Count 1, USN 0
    Processing source entry <guid=a6c70d306402384fb002bdb96b227fff>
    Processing in-scope entry a6c70d306402384fb002bdb96b227fff.
    (sourceobjectguid=\a6\c7\0d\30\64\02\38\4f\b0\02\bd\b9\6b\22\7f\ff) exists in target. Converting object creation to object modification.
    Renaming target object CN=Operator 1,OU=SCADA,DC=zenon,DC=local to CN=Operator 1,<GUID=6ac9bd3146955e43bade7381afa2c37a>.
    Modifying attributes: displayName, sAMAccountName, userPrincipalName, lastagedchange,
    Previous entry took 0 seconds (0, 0) to process
However, I can't find the sAMAccountName attribute with ADSI in the target user objects, only in the group objects. What am I doing wrong?
[Update]
It seems to be a tooling problem, as Sysinternals' ADExplorer lists the attribute.
The new question is: is there a more "canonical" way to transfer the sAMAccountName attribute than what I have done?