ISC is unable to make an attribute as Null from an existing value for Active Directory Application

Hi Experts,

I have an Identity attribute mapped to an AD source custom attribute. I have now switched to another Identity attribute to be mapped to the same AD custom attribute. The new Identity attribute has values for one set of users and Null for the remaining users.

Here I am facing an issue: for the users who have Null in the new Identity attribute, ISC is not removing the value and making it Null.

Hello @vsekar7 ,

Unless you didn’t enable attribute sync in the AD connector for the new identity attribute with the AD attribute, it should be replaced.

The Null value isn’t synchronized only when the AD attribute is Null or an empty string "".

Can you please provide more details, with the names of the identity attributes (not necessarily the originals) and the AD attribute, in order to understand the flow better?

Did you enable attribute sync for the new identity attribute in AD?

Thank you in advance for your answers

YA

Hi @aghzere ,

We are using transform code to calculate the stop date for Contractors/Employees in ISC, and we are using the transform in our AD create/update provisioning policy. We are not using the transform to update an Identity attribute and then using that attribute in the AD source.

Hello @vsekar7 ,

Here is what I understood: you have an AD account attribute that uses a transform in the provisioning policy for both create and update operations.

Then the identity attribute gets its value from the AD account attribute (no transform in the Identity Profile for that identity attribute).

Can you share with me the object of the AD account attribute in the provisioning policies (including the transform) for the UPDATE use case, please?

Thank you in advance

Hi @vsekar7,

Have you enabled attribute sync for the attribute?

Hi @vsekar7

The reason AD isn’t getting cleared is that your “null” is coming from a transform in the AD provisioning policy, not from an Identity Attribute mapped in the Identity Profile. In that setup, null often means “no attribute request sent,” so AD retains the existing value. 

The most reliable fix is to move the transform into an Identity Attribute mapping (Identity Profile), map that Identity Attribute directly in the AD Create Account definition, enable Attribute Sync for the AD attribute, then run a one-time bulk Sync. Attribute Sync explicitly supports propagating null values when the Identity Attribute is set to null by the profile mapping. 

If you must keep the logic only in provisioning policy, then you’ll need a Before Provisioning Rule to force a “clear” operation into the provisioning plan when the computed value is null.

Please check those.
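
The Before Provisioning Rule option from the last reply could look like the sketch below. This is an added example, not code from the thread or from SailPoint. The attribute names `extensionAttribute1` and `stopDate` are hypothetical, and it assumes the value can be read from an identity attribute and that the AD connector treats a `Set` with a null value as a clear, which should be confirmed in a sandbox tenant.

```java
// BeanShell body of a Before Provisioning Rule (added example, not from the thread).
// The rule receives the provisioning plan in the variable "plan".
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// Hypothetical names: replace with the real AD attribute and identity attribute.
String AD_ATTRIBUTE = "extensionAttribute1";
String IDENTITY_ATTRIBUTE = "stopDate";

if (plan != null && plan.getAccountRequests() != null) {
    Identity identity = plan.getIdentity();
    Object source = (identity != null) ? identity.getAttribute(IDENTITY_ATTRIBUTE) : null;
    boolean sourceIsEmpty = (source == null) || source.toString().trim().isEmpty();

    for (AccountRequest accountRequest : plan.getAccountRequests()) {
        // Only account updates are relevant; a create has no old value to clear.
        if (!ProvisioningPlan.ObjectOperation.Modify.equals(accountRequest.getOp())) {
            continue;
        }

        // A transform that returned null leaves no AttributeRequest in the plan,
        // which is why AD keeps the previous value.
        AttributeRequest existing = accountRequest.getAttributeRequest(AD_ATTRIBUTE);

        // Add an explicit Set-to-null only when the identity is known, its source
        // value is empty, and the plan does not already carry a value for the attribute.
        if (identity != null && sourceIsEmpty && existing == null) {
            accountRequest.add(
                new AttributeRequest(AD_ATTRIBUTE, ProvisioningPlan.Operation.Set, null));
        }
    }
}
```

The rule only runs when a Modify plan is already being sent to the AD source, so accounts with no other pending change keep their old value until something triggers provisioning for them.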