I have added the EmployeeID attribute to person class in MS active
directory schema. now I am tring to prevent authnticated users from
viewing this attribute/attribute value via ldap tools /ms toos like
ldp.exe but I need the ldap function to work with admin accounts to
view/edit the attrib.
I have tried to change via adsiedit/schema smap-in to deny read/write
for all users expet admin. but via ldap tool ldp.exe I still can read
EmployeeID value for my self and other users.

how can I prevent this from happening