Troubleshooting Cayosoft Administrator modern suspend issues in specific domains or virtual admin units

Symptom

The "Undo Suspend" command in Cayosoft Administrator does not execute the Microsoft 365 portion of the process in specific Domains/Virtual Admin Units. As a result, the expected mail settings are not completed, and the report does not reflect that the Microsoft 365 actions were performed. This issue appears isolated to certain Domains/Virtual Admin Units, as other environments complete the process successfully. No errors are outputted, leading to confusion about the root cause.

Cause

The issue arises because the Microsoft 365 suspend action sometimes does not occur during the initial "Suspend" command. Consequently, when performing an "Undo Suspend," there are no Microsoft 365 changes to revert, so the report does not show any Microsoft 365 actions as completed.

Resolutions

1. Verify Domain/VAU settings:

   • Ensure that all settings in the Cayosoft Administrator Console are correctly configured to reference the appropriate Rule for the Domain/Virtual Admin Unit in question.

   • Compare the settings with a Domain/Virtual Admin Unit where the "Undo Suspend" command executes correctly to identify any discrepancies.

2. Check Office 365 suspend configuration:

   • Confirm that the Office 365 suspend configuration is specified for the "Suspend" command. If this step is missing or incorrectly configured, the Office 365 portion of the process will not run, leading to the observed behavior during "Undo Suspend."

3. Understanding cloud user search process:

   • When attempting to suspend or undo suspend actions on a cloud user, Cayosoft Administrator searches for the Azure user using the following matching criteria:

     1. Linked Mailbox: If the user is associated with a remote linked mailbox, Cayosoft Administrator replaces the current AD object with the linked mailbox AD object.

     2. Entra ID Object ID (msDS-ExternalDirectoryObjectId): The system attempts to extract the Entra ID Object ID from this AD attribute and retrieve the corresponding Entra ID user.

     3. ImmutableID Search: If the Entra ID user is not found using the previous step, the system tries to locate the Azure user using the ImmutableID or the AD user SID attribute with the filter:

        • OnPremisesSecurityIdentifier -eq 'XXXX'

        • OnPremisesImmutableId -eq 'XXX'

   • If successful, the corresponding Entra ID user is returned.