Rule description
This rule queries the specified Active Directory scope and for each user returns details about their authentication methods for the corresponding cloud account.
When to use this rule
Use this rule to get the list of Active Directory users with details about their authentication methods for the corresponding cloud account.
Query Section
Setting name | Description |
---|---|
General Settings | |
Limit AD scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU. Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
Query criteria Microsoft 365 query criteria |
Query criteria are sent with the query and may improve query performance. Tip: For different samples on the criteria builder, see KB20180410-1.
|
Post-query filter Microsoft 365 filter |
To hide unwanted data based on criteria, not supported by the Active Directory and Microsoft 365 query criteria above, set the filtering conditions here. Example: Filter by the found object Distinguished Name. Tip: For optimal performance, use the Query criteria above to filter objects whenever possible.
|
Exclude MS365 disabled users |
This setting allows you to exclude Microsoft 365 disabled users from the rule scope or to include them. |
Exclude AD disabled users |
This setting allows you to exclude AD-disabled users from the rule scope or to include them. |
Other Query Settings |
|
Properties to display |
To display additional Microsoft 365 properties for each object found by the query, add those properties to the list. |
System properties |
List of properties required for this rule to be executed correctly. |
Sort by |
Sort result objects list. |
Limit result set |
The maximum number of users returned from Microsoft 365 by default is 2000. Tip: It is possible to change the default value in Microsoft Microsoft 365 extension settings.
|
MS Graph query condition (OData) |
By default, Query criteria are used. But when the MS Graph query condition is specified, it overrides the Query criteria setting. See this article for examples: How to use Query Builder dialog for Query Criteria and Filter rule settings – Cayosoft Help Center. |
Initialization script |
|
Script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.
Example: Update AD users, created in the last ten days.
{$global:DatePeriod = (Get-Date).AddDays(-10)}
|
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
10.1.0 | The rule has been added to the product. |
Comments
0 comments
Please sign in to leave a comment.