AD Users | Suspend Expired AD Users (Legacy)
IMPORTANT: The legacy Cayosoft Suspend™ configuration will be retired on June 1st, 2026. The legacy configuration will be removed in the product release following the retirement and will be no longer supported. The legacy Suspend rules will remain functional in older versions of Cayosoft Administrator with no support provided by Cayosoft. Migrate to the modern Suspend configuration before the retirement—refer to the following article for additional information on migration: Modern Suspend Configuration.
Overview
IMPORTANT: Starting from the version 10.3, Suspend Tool was migrated to the Cayosoft Administrator Console with significantly improved functionality. All default suspend configuration settings are now in the new Modern Suspend Configuration node.
This rule suspends expired Active Directory users according to current Cayosoft Suspend™ Settings. It could also suspend the related Microsoft 365 account if Suspend related Microsoft 365 user setting set to Yes.
NOTE: Requires Cayosoft® Suspend™ tool to be installed on the machine running the Cayosoft Administrator Service.
When to use this rule
Use this rule to get all user accounts, which are already expired in Active Directory, and to suspend them. You can specify the number of days after expiration.
To simultaneously suspend an Office 365 user account, linked to the suspended Active Directory account, set the Suspend™ related Office 365 user setting to Yes. Then configure the Office 365 user account suspend settings in the Suspend | Office 365 User and Guest rule (legacy).
Rule settings
Query section
NOTE: Usually this rule is used as a post-rule for New User Web Action. So by default Use Web Query Scope and ObjectGUID of User Created in Web UI values are used in the Limit scope and Account status settings.
| Setting name | Description |
|---|---|
| Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to a specific OU. IMPORTANT: To test the rule configuration, limit the rule scope to an OU that contains test accounts or objects and use the Preview feature. |
| QUery criteria |
Query criteria are sent with the query and may improve query performance. TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings. |
| Days after expiration | Specify the number of days passed after the expiration. |
| More options | |
| Properties to display |
Each object property defined in this setting matches the column that will be displayed in the Web Portal for this web query. To display additional columns, add the required properties to the Properties to display list. To add extension attribute 1 that is synchronized from AD, you need to use a value like:
Copy
|
| Sort by | Sort result object list. |
| Filter |
Set the filtering conditions to hide unwanted data based on criteria not supported in the Query criteria setting. Example: filter by the found object Distinguished Name. TIP: For optimal performance, use the Query criteria setting above to filter objects whenever possible. |
Action section
| Settings name | Description |
|---|---|
| Default suspend settings |
It is possible to use default user suspend settings file or custom suspend settings file. To select custom suspend settings file, click the [...] button. Default User Suspend Settings File is the file specified in HOME > CONFIGURATION > Active Directory configuration, Cayosoft Suspend Policies section. |
| Suspend related Office 365 user | Set to Yes to suspend a matching Office 365 user account. Configure the Office 365 user account suspend settings in the Suspend | Office 365 User and Guest rule (legacy) rule. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Rule Enforce/Schedule section article.
Change History
| Version | Notes |
|---|---|
| 12.5.0 | The Suspend related Skype on-premises user setting has been deprecated. |
| 9.1.0 | Domain Controller and Credentials settings have been removed. |
| 7.3.0 | The rule supports mapping between Active Directory user account and Cloud user account by anchor attributes. |
Comments
0 comments
Please sign in to leave a comment.