Skip to main content

Articles in this section

See more
Print

Import SQL Data | Suspend AD Users rule

  • Updated

 

 

Rule description

This rule queries the specified Microsoft SQL data source and suspends matching Active Directory user accounts according to the settings specified in the provided AD User Suspend configuration. 

Note: This rule works only if 'Use modern suspend' is set to 'Yes' in the Administrator Console in the Active Directory extension.

 

When to use this rule

Use this rule when you need to suspend Active Directory user accounts based on the data in the external data source, for example, the HR system.

 

Rule Settings

Query Section

Setting name Description

Limit Scope to this Domain or OU

 

This setting defines the search query scope.

To improve query performance, limit the scope to specific OU.

Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.

SQL Instance

 

Specify the name of the SQL Instance as defined in the Utils Extension SQL Server configuration. Using the Default SQL Instance setting will retrieve the current setting from the SQL Connection settings of the Utils extension.

Note: For more information, please see the Connecting to Microsoft SQL Server data source article.

SQL Database Name

Specify database name from selected SQL Instance.

SQL Table

Specify SQL Table or View from the selected database. Click the [...] button to display a list of tables from which to choose.

SQL Credentials

Specify the database from the data source SQL Instance. Click the [...] button to enter SQL Credentials.

Note: Cayosoft Administrator does not support Windows Authentication for connecting to a Microsoft SQL Server database. The database connection must use SQL Server Authentication, where the credentials (username and password) are created and managed within SQL Server itself. Mixed Mode refers to the SQL Server configuration that allows both SQL Server Authentication and Windows Authentication, but only SQL Server Authentication is supported by Cayosoft.

Data Source Filter

You can use the point-and-click filter builder for the specified data source.

Note: If the 'Where' Clause is also specified, it will be applied and the 'DataSource Filter' will be ignored.
More options  

Return These SQL Columns

 

Specify columns returned by the data source.

Where Clause

Define a WHERE statement in the SQL query sent to the data source to limit the rows returned by SQL Server.

Returned Properties

Select properties to display for each object found by the query.

Filter

 

Set the filtering conditions to only return objects or data that need to be processed by the rule.

Example: filter by Name column.

 
Sort by Specify a column to sort the result objects list.

Data Source Anchor attribute

 

Select the column in the data source that will be used to find a matching user account in Active Directory and suspend a matching account.

The value of this column in the data source is compared to the Active Directory Anchor Attribute value in the Active Directory.

Active Directory Anchor attribute

 

Select the attribute in the Active Directory to compare the Data Source Anchor attribute when searching for a matching user account. 

Initialization Script

 

Initialization script

Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule.

Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. 

Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>. 

Example: Update AD users, created in the last ten days.

  1. Add this initialization script:
{$global:DatePeriod = (Get-Date).AddDays(-10)}
  1. Use $DatePeriod variable in query criteria builder:

 

 

Action Section

Setting name Description
AD Suspend configuration 

Specify the existing AD User suspend configuration that should be applied during the object suspend.

It is possible to use the default AD User Suspend configuration or create a custom Suspend configuration.
Microsoft 365 Suspend configuration Select an existing Microsoft 365 Suspend configuration that will be used to suspend related Microsoft 365 user accounts.  

 

Output Section

This section defines the output format of this rule.

To get more information about this section, please see the Output section article.

 

Enforce/Schedule section

This section defines the schedule for how often to run the rule.

To get more information about this section, please see the Enforce/Schedule section article. 

 

 

Change History

Version Notes
10.3.0

The rule has been introduced in the product.

 

© Copyright 2013-2025 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.