I’ve been with a customer recently and we’ve looked at data they had in their Active Directory. We were looking at using some of the data for Dynamic Access Control for claims-based access control. We had a list of attribute that contained viable data and were looking to see whether we could use the attributes for DAC. For this, we’d run a couple checks and see whether all users had a value set for the attribute we were looking at.
One of the attributes we ran the check for was the “title” attribute. We would see whether all users had a value for their “title” attribute. Doing this with ADFind, we ran two queries: (1) Check how many users we have and (2) Check how many users have the “title” attribute set with a value. Then, we would compare both numbers and see where we are at.