How to remove values in eTADSPayload (Extended Attributes)

Document ID : KB000015835
Last Modified Date : 27/02/2019
Show Technical Document Details

In a termination/offboarding use case, Active Directory accounts must be closed off but not deleted for future rehire. One of the actions in the process is to remove values of the extended attributes in payload.

An existing AD account contains those above values:



The eTADSPayload would look like this in Provisioning Directory:



How to remove those values?


IM R12.6 SPx, 14.x . Information in this techdoc is tested on R12.6 SP2, 14.1, 14.2.


Those attributes cannot be removed but can be reset to a blank value using Policy Xpress (PX). Here is the story:

1. Create a PX that is triggered in a certain condition. In this techdoc, disabling a corporate user will fire the PX to re-set their account's payload

Select an appropriate event to trigger the PX, for example:



Create relevant data elements to use in Action Rules, for example:


Set appropriate conditions to invoke action rules, for example, userID contains "test" string and has disable status (=1).




Add an Action Rule to reset the payload with blank values:


On 14.x the format has changed, you should use the following format instead:


Put the above data in the Value field of the payload:



Save the PX.

2. Run a task to trigger the condition for the PX to fire. Verify that the attributes msExchPoliciesExcluded, msExchRemoteRecipientType, and msExchUsageLocation are set to <not set> in AD.

Additional Information:
There is a known bug on 14.x, which is recorded in DE401939, where all extended attributes in schema.ext are deleted with above-mentioned configured PX policy. At the time this article is written, this bug hasn't been listed in Release Notes document ( You may raise Support Call Ticket to get the fix.