
(Server 2008 R2) Active Directory returns the UID attribute (not the GUID) in Base64 instead of plain text?

Hello,

We have an application that makes use of an Active Directory (server 2008 R2) setup as its own forest and domain. We use it for an LDAP Directory and for DNS Services.

We create AD accounts in AD that have a particular UID value (e.g. uid=CN=\"My, Name\", OU=SOMEWHERE, O=YES, C=CA). NOTE: we're NOT using the AD GUID, rather the LDAP attribute UID.

Our application then executes an LDAP query on AD by filtering on the UID value to retrieve a specific AD account, and all its properties (i.e. the AD account status and group membership).

When the application executes the following LDAP Query, no results are found (I've executed that same query on the AD server itself, using ldifde, and nothing is returned):

- target DN:OU=SUBHERE,DC=XYZ,DC=LOCAL

- search scope: sub

- filter: ( & (objectClass=user) (uid=CN=\"My, Name\", OU=SOMEWHERE, O=YES, C=CA) )

- attributes to return: sAMAccountName,memberOf

ldifde -f testLDAP_loggedinuser.txt -s localhost -v -d "OU=SUBHERE,DC=XYZ,DC=LOCAL" -p SubTree -r "( & (objectClass=user) (uid=CN=\"My, Name\", OU=SOMEWHERE, O=YES, C=CA) )" -l "objectClass,sAMAccountName,memberOf"

> no entries found

And if I retrieve the AD account filtering on the sAMAccountName (instead of the UID), to see what value I have in the UID attribute, I'll get results but the UID will be output in Base64 encoding. I.e. I execute the following ldifde:

ldifde -f testLDAP_filterAccountName.txt -s localhost -v -d "OU=SUBHERE,DC=XYZ,DC=LOCAL" -p SubTree -r "(&(objectClass=user)(samaccountname=my.account))" -l "objectClass,sAMAccountName,uid"

I will then get the output:

dn: CN=My Account,OU=SUBHERE,DC=XYZ,DC=LOCAL
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sAMAccountName: my.account
uid:: Q049Ik15LCBOYW1lIiwgT1U9U09NRVdIRVJFLCBPPVlFUywgQz1DQQ==

Could someone shed some light on this?

Is there a configuration setting I'm missing on AD to enable querying on the UID attribute?

NOTE: We have set up a 2nd AD (forest/domain) the same way on a different server, for testing purposes. And all is working as expected (the application is retrieving the AD account, and if I execute the above ldifde queries I get a UID in plain text). But this new environment we're in now doesn't behave the same and I can't figure out what is different between them. Any help would be appreciated.

Thanks,

Captain
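Added example, not part of the post above and not Microsoft tooling: a small Python script that decodes the `uid::` value from the quoted ldifde output exactly as RFC 2849 defines the `::` convention, reports whether the decoded bytes break any LDIF safe-string rule (non-ASCII bytes, NUL/LF/CR, or leading/trailing whitespace, which would explain both the encoding and a failed match), and builds an RFC 4515-escaped filter from those exact bytes. The LDIF sample is constructed from the post's output.

```python
import base64
import re

# Constructed sample, copied from the ldifde output in the post ('::' marks a base64 value, RFC 2849).
SAMPLE_LDIF = """dn: CN=My Account,OU=SUBHERE,DC=XYZ,DC=LOCAL
changetype: add
objectClass: user
sAMAccountName: my.account
uid:: Q049Ik15LCBOYW1lIiwgT1U9U09NRVdIRVJFLCBPPVlFUywgQz1DQQ==
"""

LINE_RE = re.compile(r'^([A-Za-z][A-Za-z0-9;.-]*)(::?) *(.*)$')

def parse_ldif(text):
    """Return (attribute, raw bytes) pairs; '::' values are base64-decoded, ':' values taken literally."""
    pairs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and anything that is not 'attr: value' are skipped
        attr, sep, value = m.groups()
        pairs.append((attr, base64.b64decode(value) if sep == '::' else value.encode('utf-8')))
    return pairs

def unsafe_reasons(value):
    """List each RFC 2849 SAFE-STRING rule the bytes break; empty means plain ASCII with nothing hidden."""
    reasons = []
    if any(b > 0x7F for b in value):
        reasons.append('non-ASCII byte')
    if any(b in (0x00, 0x0A, 0x0D) for b in value):
        reasons.append('NUL/LF/CR')
    if value[:1] in (b' ', b':', b'<'):
        reasons.append('leading space, colon or <')
    if value.endswith(b' '):
        reasons.append('trailing space')
    return reasons

def filter_escape(value):
    """RFC 4515 value escaping: ( ) * \\ NUL and non-ASCII bytes become \\XX hex; '"' needs no escape."""
    return ''.join('\\%02x' % b if b in (0x28, 0x29, 0x2A, 0x5C, 0x00) or b > 0x7F else chr(b)
                   for b in value)

def uid_filter(ldif_text):
    """Build the search filter from the exact bytes AD returned in uid, not from a retyped string."""
    uid = dict(parse_ldif(ldif_text))['uid']
    return '(&(objectClass=user)(uid=%s))' % filter_escape(uid)

if __name__ == '__main__':
    uid = dict(parse_ldif(SAMPLE_LDIF))['uid']
    print(uid, unsafe_reasons(uid) or 'no hidden characters', uid_filter(SAMPLE_LDIF))
```

For the post's value the reason list comes back empty: the stored uid decodes to plain ASCII with no trailing or non-printable characters, so the Base64 output by itself does not prove a hidden-character mismatch. Note that RFC 4515 gives `"` no special meaning in a filter, while a backslash inside a filter value is only valid as a two-hex-digit escape such as `\5c`.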
