views:

217

answers:

3

I want to query my directory for all User objects that don't contain a value for a given attribute... I have kind of hacked it up looking for things without a specific value (the potential assigned values are small, so this mostly worked) - but I would really like to know if there is a way to actually query for the absence of an attribute... kind of analogous to a relational database null.

Here is the query I ended up using:

(&(objectClass=User)(!extensionAttribute1=A))

Any ideas how to write an LDAP query looking for objects where an attribute has not been defined? Is this even possible?

+2  A: 

(&(objectClass=User)(!extensionAttribute1=*))

Michael Morton
This did not work for me - I got back bad search filter
Goyuix
+1  A: 

It can not be done without script. I had the exact same question.
This link shows you how how do it with PowerShell: http://www.microsoft.com/technet/scriptcenter/resources/qanda/nov08/hey1117.mspx

JeffJak
A: 

We need a few more parens when doing this:

(&(objectClass=User)(!(extensionAttribute1=*)))

If you want to look for a particular attribute you need to remove some parens (removing the ! is not enough)

(&(objectClass=User)(extensionAttribute1=*))

JeffJak