Starting from Cayosoft Administrator version 10.3, the Suspend Tool was migrated to Administrator Service with significantly improved functionality. All default suspend configuration settings are now in the Administrator Console in the new 'Suspend Configurations' node, with one suspend configuration for each of the following object types:
- AD User;
- AD Group;
- AD Computer (New functionality);
- Microsoft 365 User.
This change does not affect the user experience for delegated administrators using the Web Portal to run Suspend and Undo Suspend operations. All Web actions and Web UI remain exactly the same except that the undo suspend operation can now be scheduled using the Undo Suspend Web Action.
All prior existing functionality is also available in the new Suspend version but with a significant expansion to most areas.
Modern Suspend rules and configurations work in a co-existence model with the legacy rules. This means that after upgrading to 10.3.0, legacy Suspend functionality keeps working as-is until you choose to switch over to modern Suspend functionality.
There is no upgrade procedure and switching over to the new Suspend functionality means you must manually redo your existing legacy Suspend rules and configurations. Previously suspended users can still be unsuspended, but you can no longer suspend users using legacy methods.
In order to switch over to modern Suspend, you need to set the 'Use modern suspend' setting to Yes in the Administrator Console in the Active Directory extension.
For Suspend upgrade details, please see this article: How suspend functionality works after the upgrade.
Creating custom Suspend Configuration
To create a custom Suspend Configuration, you should click +New > Suspend Configuration and select the template with the required object type. Specify the required settings.
Available Suspend Configurations
Each Suspend Configuration has a number of settings that are split into sections and should be customized based on your requirements. Here is the list of Suspend Configurations with links to corresponding documentation articles:
- AD User Suspend
- AD User Undo Suspend
- AD User Terminate
- AD Group Suspend
- AD Computer Suspend (New functionality)
- Microsoft 365 User Suspend
- Microsoft 365 User Undo Suspend.
Running a modern Suspend Configuration
- Each Suspend rule and Web Action has an option to select the Suspend Configuration that will be used during rule execution, for both AD and M365 objects.
- You can create multiple Suspend scenarios by selecting different configurations for different rules.
- The preconfigured default suspend configurations are set globally in the Administrator Console in the Home > Configuration > Connected Systems Extensions > Active Directory in the Cayosoft Suspend Default Configurations section. All default automation rules and Web Actions point to this global setting
- Instead of changing the global Suspend configuration setting, you can choose to customize the configuration on each of these levels:
- Virtual Admin Unit
- Web Query
- Individual Web Actions
- Individual Suspend automation rules.
New Suspend Functionality
AD User Suspend
- Change CN
- Exclude groups from removal during suspend
- Home folder processing
- Transfer group ownership
- Transfer subordinates
MS365 User Suspend
- Transfer subordinates
- Change M365 attributes
- Set manager for Forward address
- Delete inbox rules
- Delegate mailbox access
- Retire devices via Intune
Other new functionality
- Bulk Undo suspend rules
- AD Computer suspend
- Scheduled Operations (see below for details)
- Notifications (see below for details)
Scheduled Delayed Operations
Suspend Configurations have a Scheduled Delayed Operations section. In this section, you can add operations that will run during Suspend or a certain number of days after Suspend.
Each scheduled operation (including Scheduled Suspend\Undo Suspend) creates a Work Item that will be processed by the Process scheduled suspend operations rule. The Process scheduled suspend operations rule must be enabled and scheduled for this to work correctly. Canceling the scheduled operation will cancel all work items (they will appear in the Change History).
Scheduled Suspend operations available to all configuration types:
- Custom script - run a custom script when Suspend and Undo Suspend are executed.
Custom Script has two sections: one for the Suspend script, and another - for the Undo Suspend script.
Operations available in Active Directory Suspend Configurations:
- Relocate Object to OU - this operation will move objects in each managed domain according to the selected relocation OU.
- Delete AD Object - this operation will delete the suspended object and, optionally, the related Microsoft 365 object.
Operations available in Microsoft 365 User Suspend Configurations:
- Relocate to AU - this operation moves users in the tenant from all current Administrative Units to the selected Administrative Unit.
- Remove or replace license - this operation will remove all existing directly assigned licenses and optionally assign a new license to replace.
- Convert to Shared Mailbox - this operation will convert the user's mailbox to a shared mailbox.
- Put on litigation hold - this operation will enable litigation hold for the specified period.
- Delete Azure object - this operation will delete the suspended object and, optionally, skip the Microsoft 365 recycle bin.
Suspend Configurations have an Email Notification section. You can configure email notifications that will be sent based on events that are different for different Suspend Configurations. Each event has its own recipients, default subject, message, and drop-down options. It is possible to configure multiple messages per event.
Events that are available to all Suspend Configurations:
- On Suspend
- On Error
- On Scheduled Operation Suspend
- On Scheduled Operation Error.
Events that are specific to AD User Suspend Configurations:
- Access to Home Folder Provided.
Events that are specific to Microsoft 365 User Suspend Configurations:
- OneDrive Owner Changed
- Mailbox Delegates Added.
Events that are available for both AD User and Microsoft 365 User Suspend Configurations:
- Group Transferred
- Subordinates Transferred.
All Suspend operation details for all object types are now displayed in the Change History, even if Suspend was performed by an automation rule. Change History report for Suspend and Undo Suspend has a Summary section with operation status: OK, Error, Warning, and Canceled. Other sections correspond to the Suspend Configuration sections that allow easy troubleshooting.
New Automation Rules
The following Suspend rules have been added:
- AD Users | Suspend
- Text file | Suspend AD Users
- Import SQL Data | Suspend AD Users
- Import Oracle Data | Suspend AD Users
- AD Groups | Suspend
- AD Computers | Suspend
- Report on Suspended AD Objects and Scheduled Operations
- Suspend Computer web action
- Undo Suspend (Computer) web action
- AD Users | Undo Suspend
- AD Groups | Undo Suspend
- AD Computers | Undo Suspend
- Microsoft 365 User | Suspend
- Microsoft 365 User | Undo Suspend
- Text file | Suspend Microsoft 365 Users
- Import SQL Data | Suspend Microsoft 365 Users
- Import Oracle Data | Suspend Microsoft 365 Users
- Report on Suspended Microsoft 365 Users and Scheduled Operations
- Process scheduled suspend operations
|The functionality has been added to the product.