Articles in this section

Print

New Suspend Configuration

  • Updated
Follow

Content: 

Overview

Starting from Cayosoft Administrator version 10.3, the Suspend Tool was migrated to Administrator Service with significantly improved functionality. All default suspend configuration settings are now in the Administrator Console in the new 'Suspend Configurations' node, with one suspend configuration for each of the following object types: 

  1. AD User;
  2. AD Group;
  3. AD Computer (New functionality);
  4. Microsoft 365 User.

Configs.png

This change does not affect the user experience for delegated administrators using the Web Portal to run Suspend and Undo Suspend operations. All Web actions and Web UI remain exactly the same except that the undo suspend operation can now be scheduled using the Undo Suspend Web Action. 

All prior existing functionality is also available in the new Suspend version but with a significant expansion to most areas.

Modern Suspend rules and configurations work in a co-existence model with the legacy rules. This means that after upgrading to 10.3.0, legacy Suspend functionality keeps working as-is until you choose to switch over to modern Suspend functionality.

Note 1: Legacy Suspend functionality will eventually be deprecated. The exact date will be communicated at a later time.   

There is no upgrade procedure and switching over to the new Suspend functionality means you must manually redo your existing legacy Suspend rules and configurations. Previously suspended users can still be unsuspended, but you can no longer suspend users using legacy methods.

In order to switch over to modern Suspend, you need to set the 'Use modern suspend' setting to Yes in the Administrator Console in the Active Directory extension.

Note 2: For new installations, this setting is set to 'Yes' by default. For installations upgraded to 10.3 or above this setting is set to 'No' by default. 

For Suspend upgrade details, please see this article: How suspend functionality works after the upgrade.

modernsuspend.png

 

Creating custom Suspend Configuration

To create a custom Suspend Configuration, you should click +New > Suspend Configuration and select the template with the required object type. Specify the required settings.

 

Available Suspend Configurations

Each Suspend Configuration has a number of settings that are split into sections and should be customized based on your requirements. Here is the list of Suspend Configurations with links to corresponding documentation articles:

  1. AD User Suspend
  2. AD User Undo Suspend
  3. AD User Terminate
  4. AD Group Suspend
  5. AD Computer Suspend (New functionality)
  6. Microsoft 365 User Suspend
  7. Microsoft 365 User Undo Suspend.

 

Running a modern Suspend Configuration

  1. Each Suspend rule and Web Action has an option to select the Suspend Configuration that will be used during rule execution, for both AD and M365 objects. 
  2. You can create multiple Suspend scenarios by selecting different configurations for different rules.
  3. The preconfigured default suspend configurations are set globally in the Administrator Console in the Home > Configuration > Connected Systems Extensions > Active Directory in the Cayosoft Suspend Default Configurations section. All default automation rules and Web Actions point to this global setting 
  4. Instead of changing the global Suspend configuration setting, you can choose to customize the configuration on each of these levels:
    1. Virtual Admin Unit
    2. Web Query
    3. Individual Web Actions
    4. Individual Suspend automation rules.

SelectConfig.png

ConfigLists.png

Note: In order to create multiple delegated Suspend flows e.g. one for temporary leave and one for termination, please copy the existing "Suspend User" (Group, Computer)  action, rename it to suit your scenario, link to the required configurations, and then add a this copied Web Action to the relevant Web Queries. Check out the following article for instructions on adding and modifying Web Actions: How to add, remove, or re-arrange Web actions within a Web Query.

New Suspend Functionality

Summary

AD User Suspend

  • Change CN
  • Exclude groups from removal during suspend
  • Home folder processing
  • Transfer group ownership
  • Transfer subordinates

MS365 User Suspend

  • Transfer subordinates
  • Change M365 attributes
  • Set manager for Forward address 
  • Delete inbox rules 
  • Delegate mailbox access
  • Retire devices via Intune

Other new functionality

  • Bulk Undo suspend rules
  • AD Computer suspend 
  • Scheduled Operations (see below for details)
  • Notifications (see below for details)

Scheduled Delayed Operations

Suspend Configurations have a Scheduled Delayed Operations section. In this section, you can add operations that will run during Suspend or a certain number of days after Suspend. 

Each scheduled operation (including Scheduled Suspend\Undo Suspend) creates a Work Item that will be processed by the Process scheduled suspend operations rule. The Process scheduled suspend operations rule must be enabled and scheduled for this to work correctly. Canceling the scheduled operation will cancel all work items (they will appear in the Change History).

Scheduled Suspend operations available to all configuration types:

  1. Custom script - run a custom script when Suspend and Undo Suspend are executed.

Operations available in Active Directory Suspend Configurations:

  1. Relocate Object to OU - this operation will move objects in each managed domain according to the selected relocation OU. 
  2. Delete AD Object - this operation will delete the suspended object and, optionally, the related Microsoft 365 object. 

Operations available in Microsoft 365 User Suspend Configurations:

  1. Relocate to AU - this operation moves users in the tenant from all current Administrative Units to the selected Administrative Unit. 
  2. Remove or replace license - this operation will remove all existing directly assigned licenses and optionally assign a new license to replace.
  3. Convert to Shared Mailbox - this operation will convert the user's mailbox to a shared mailbox.
  4. Put on litigation hold - this operation will enable litigation hold for the specified period.
  5. Delete Azure object - this operation will delete the suspended object and, optionally, skip the Microsoft 365 recycle bin. 

 

Notifications

Suspend Configurations have an Email Notification section. You can configure email notifications that will be sent based on events that are different for different Suspend Configurations. Each event has its own recipients, default subject, message, and drop-down options. It is possible to configure multiple messages per event. 

Events that are available to all Suspend Configurations:

  1. On Suspend
  2. On Error
  3. On Scheduled Operation Suspend
  4. On Scheduled Operation Error.

Events that are specific to AD User Suspend Configurations:

  1. Access to Home Folder Provided.

Events that are specific to Microsoft 365 User Suspend Configurations:

  1. OneDrive Owner Changed
  2. Mailbox Delegates Added.

Events that are available for both AD User and Microsoft 365 User Suspend Configurations:

  1. Group Transferred
  2. Subordinates Transferred.

 

Change History

All Suspend operation details for all object types are now displayed in the Change History, even if Suspend was performed by an automation rule. Change History report for Suspend and Undo Suspend has a Summary section with operation status: OK, Error, Warning, and Canceled. Other sections correspond to the Suspend Configuration sections that allow easy troubleshooting. 

ch.png

 

New Automation Rules

The following Suspend rules have been added: 

  1. AD Users | Suspend
  2. Text file | Suspend AD Users
  3. Import SQL Data | Suspend AD Users
  4. Import Oracle Data | Suspend AD Users
  5. AD Groups | Suspend
  6. AD Computers | Suspend
  7. Report on Suspended AD Objects and Scheduled Operations
  8. Suspend Computer web action
  9. Undo Suspend (Computer) web action
  10. AD Users | Undo Suspend
  11. AD Groups | Undo Suspend
  12. AD Computers | Undo Suspend
  13. Microsoft 365 User | Suspend
  14. Microsoft 365 User | Undo Suspend
  15. Text file | Suspend Microsoft 365 Users
  16. Import SQL Data | Suspend Microsoft 365 Users
  17. Import Oracle Data | Suspend Microsoft 365 Users
  18. Report on Suspended Microsoft 365 Users and Scheduled Operations
  19. Process scheduled suspend operations

 

Change History

Version Notes
10.3.0 The functionality has been added to the product.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.