Admins may store sensitive information on AD object attributes to ease their work. However, since any domain user can read these attributes, storing passwords or secret keys could risk credentials theft and harm the infrastructure.
Any user within the organization can read attributes in most AD objects. IT administrators may use certain attributes to store sensitive information such as passwords, keys, and other credentials. To prevent potential exposure of valid credentials, they must avoid storing such sensitive information in object attributes.