Rule description
This rule queries suspended AD objects and scheduled suspend operations and returns the details about their current state. Does not include objects suspended by the legacy suspend process.
When to use this rule
Use this rule to get a report about suspended Active Directory objects and scheduled operations that were performed after the modern Suspend was enabled.
Rule Settings
Query Section
Setting name | Description |
---|---|
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU. Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
Object type |
Specify the object type for the rule scope:
|
Include objects |
Specify which objects should be included in the rule scope:
|
Include objects suspended by |
It is possible to select Suspend Configuration that was applied during object suspend. |
Suspended more than days ago |
Specify a number to include objects that were suspended more than this number of days ago. |
Suspended less than days ago |
Specify a number to include objects that were suspended less than this number of days ago |
Filter |
To hide unwanted data based on criteria, not supported by Active Directory query, set the filtering conditions here. Example: filter by the found object Distinguished Name. Tip: For optimal performance, use the Query criteria above to filter objects whenever possible.
|
More Options |
|
Properties to display |
To display additional properties for each object found by the query, add those properties to the list. |
Sort by |
Sort result object list. |
Initialization script |
|
Script
|
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.
Example: Update AD users, created in the last ten days.
{$global:DatePeriod = (Get-Date).AddDays(-10)}
|
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
10.3.0 |
The rule has been introduced in the product. |
Comments
0 comments
Please sign in to leave a comment.