How Can I Set an Active Directory Attribute Value to NULL?


Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I set an Active Directory property to NULL? I tried setting the value to an empty string (“”) but it didn’t work.

— JJ

Hey, Scripting Guy! Answer

Hey, JJ. You know, it’s not like the Scripting Guys to get philosophical; one of the Scripting Guys, for example, bases his entire life on this credo: never answer the phone early on Saturday morning. (His reasoning is fairly straightforward: if it’s important, they’ll call back. And if it’s not important, then why the heck are they calling early on Saturday morning?!?!) That’s about as deep as the Scripting Guys ever get.

For better or worse, though, we have to get a little philosophical – and maybe even a little metaphysical – when trying to answer this question. The problem you are running into is the fact that while you might think an empty string (“”) is nothing, scripting languages tend to see an empty string as something. For example, suppose you set User A’s telephone number to an empty string. You then run a script that retrieves a list of all the users who have telephone numbers. Guess who shows up in that list? That’s right: good old User A. That’s because, in the crazy world of scripting, User A actually has a telephone number; it’s just that his telephone number happens to consist of an empty string. (Yes, sort of a sound-of-one-hand-clapping thing.)

If you want to get rid of an attribute value altogether you have to set the value of that attribute to NULL. And in Active Directory the best way to do that is to use the PutEx method and clear the value. Let’s show you a script that truly does set a user’s telephone number to nothing (NULL) and then we’ll explain how it works:


Const ADS_PROPERTY_CLEAR = 1

Set objUser = GetObject _
    ("LDAP://cn=ken myer, ou=finance, dc=fabrikam, dc=com")

objUser.PutEx ADS_PROPERTY_CLEAR, "telephoneNumber", 0
objUser.SetInfo

We begin by defining a constant named ADS_PROPERTY_CLEAR and setting the value to 1; we’ll use this later in the script to tell the PutEx method the kind of operation we want to carry out. (PutEx has additional uses beyond clearing attribute values; for more information, check out the ADSI Scripting Primer in the Microsoft Windows 2000 Scripting Guide.) We then bind to the desired user account, in this case the Ken Myer account found in the Finance OU of

Next we use these two lines of code to completely erase Ken Myer’s telephone number:

objUser.PutEx ADS_PROPERTY_CLEAR, "telephoneNumber", 0
objUser.SetInfo

As you can see, we call the PutEx method and pass it three parameters: 1) the constant ADS_PROPERTY_CLEAR which, again, indicates the operation we want to perform; 2) telephoneNumber, the attribute we want to clear; and 3) 0, a parameter required any time you clear an attribute. We then call the SetInfo method to write the changes back to Active Directory. If you re-run the script that retrieves a list of users who have phone numbers, Ken Myer will no longer appear in the list. That’s because he no longer has a phone number, not even one consisting of an empty string.
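The script above assumes the clear succeeds. The following is an added example, not part of the original column: it clears the attribute only when a value is present, reports a failed SetInfo, and then reloads the property cache to confirm the value is really gone. The HasValue helper and the USER_DN and ATTR_NAME constants are names chosen for this illustration.

```vbscript
Option Explicit

Const ADS_PROPERTY_CLEAR = 1
' HRESULT that ADSI raises when an attribute has no value in the property cache
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D

' Assumed values: the article's sample account; change these for your domain.
Const USER_DN = "cn=ken myer,ou=finance,dc=fabrikam,dc=com"
Const ATTR_NAME = "telephoneNumber"

Dim objUser
Set objUser = GetObject("LDAP://" & USER_DN)

If HasValue(objUser, ATTR_NAME) Then
    objUser.PutEx ADS_PROPERTY_CLEAR, ATTR_NAME, 0
    On Error Resume Next
    objUser.SetInfo            ' nothing is written to the directory until here
    If Err.Number <> 0 Then
        WScript.Echo "SetInfo failed: 0x" & Hex(Err.Number) & " " & Err.Description
        WScript.Quit 1
    End If
    On Error GoTo 0
End If

' Reload the property cache from the directory and verify the result.
objUser.GetInfo
If HasValue(objUser, ATTR_NAME) Then
    WScript.Echo ATTR_NAME & " still has a value."
    WScript.Quit 1
Else
    WScript.Echo ATTR_NAME & " is not set (NULL)."
End If

' Returns True when the attribute holds at least one value.
Function HasValue(objADs, strAttr)
    Dim arrValues
    On Error Resume Next
    arrValues = objADs.GetEx(strAttr)
    If Err.Number = 0 Then
        HasValue = True
    ElseIf Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        HasValue = False
    Else
        WScript.Echo "Unexpected error 0x" & Hex(Err.Number) & " reading " & strAttr
        WScript.Quit 1
    End If
    On Error GoTo 0
End Function
```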

