I had an interesting conversation with a fellow commuter yesterday. They were discussing how to integrate applications with Active Directory and how “hard” it was finding null values. I thought that was interesting so I piped in that the value isn’t really null, the attribute just doesn’t exist. The looks I got back told me volumes about what these guys didn’t know, and how they felt about what I thought I knew.

After the end of the ride, I still hadn’t convinced them that I was right. That Active Directory isn’t like a database where both the rows and columns have data or they don’t. If an object doesn’t have a value for the attribute, it just doesn’t exist. The number of times I’ve had this discussion over the years has decreased, but still some folks working with AD are unaware of it.

This unawareness came glaring out at me a few months ago as well. I am a recent convert to C# and was concocting some really cool code to get my feet wet. I mean this thing was better than sliced beard! Not really but it was cool for me to get something in C# running, although I had used C++ many years ago. A colleague looking over my shoulder blatantly pointed out that my code is flawed. FLAWED!!!! How?? “It didn’t pull all the attributes, anyone can see that.”

I am sure I had that deer in the headlights look. As we went into a discussion about what is and what isn’t always stored I soon realized that I was getting nowhere. Therefore, I suggested that we look at that object with LDP (one of Microsoft’s LDAP tools). He agreed and soon had a greater awareness of how Active Directory works.

I hope that the guys that were on the bus realize that too by now. The primary reason I believe that null attributes aren’t stored is that they take up space and as a result, lower performance. Microsoft implementation of LDAP can be bloated sometimes already, so anywhere we can save space is good.

As for my C# adventures, they are ongoing, stepping in tune to me trying to use PowerShell for all my day-to-day chores. Stay tuned!