At the domain level, make sure that the Default Domain policy allows all authenticated users to have Read rights to All Properties.
Expand Active Directory Users and Computers, right-click the domain name, then select Properties.
Select the Group Policy tab, click Properties, then select the Security tab.
Click Advanced.
Select Authenticated Users Special, then click View/Edit.
Under the Allow column, verify that the Read All Properties check box is checked.
The following figure illustrates this check box:
Click OK.