Rule description
This rule suspends the specified Active Directory groups according to the current AD Group Suspend Configuration.
When to use this rule
Use this rule to suspend the specified Active Directory groups. You should limit the maximum number of groups to suspend in the selected scope.
Rule Settings
Query Section
Setting name | Description |
---|---|
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU.
Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
Query criteria |
Query criteria are sent with the query and may improve query performance.
Tip: For different samples on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings – Cayosoft Help Center.
|
Filter |
To hide unwanted data based on criteria, not supported by Active Directory query, set the filtering conditions here. Example: filter by the found object Distinguished Name.
Tip: For optimal performance, use the Query criteria above to filter objects whenever possible.
|
Properties to display |
To display additional properties for each object found by the query, add those properties to the list. |
Maximum number of groups |
Specify the maximum number of groups to suspend in the selected scope. |
Other Query Settings |
|
System properties |
List of properties required for this rule to be executed correctly. |
LDAP filter |
Set the filtering conditions to only return objects or data that need to be processed by the rule. This filter will override the Query criteria setting. |
Sort by |
Sort result object list. |
Map to Text File |
|
Select data source
|
Specifies the text file to be imported. The […] button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor. |
Separator used in file |
Specify the separator that is used in the CSV file. |
Data source anchor attribute |
Select a column in the data source that contains the attribute value for identifying and mapping a group. |
Group Filters |
|
Group category | Specify group category. |
Group scope | Specify group scope. |
DisplayName or Name starts with | Specify the first letters or symbols of group Name or DisplayName. |
Number of members less than or equal to | Filtering by the number of members requires loading per-group user properties and will decrease rule performance if used. |
Initialization Script |
|
Initialization script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria.
Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.
Example: Update AD users, created in the last ten days.
{$global:DatePeriod = (Get-Date).AddDays(-10)}
|
Action Section
Setting name | Description |
---|---|
AD Suspend configuration |
Specify the existing AD Group suspend configuration that should be applied during the object suspend. It is possible to use the default AD Group Suspend configuration or create a custom Suspend configuration. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
10.3.0 |
The rule has been introduced in the product. |
Comments
0 comments
Please sign in to leave a comment.