Rule description
Inactive Active Directory Users are users who have not logged on in more than the specified number of days - OR - who have not changed their passwords in more than the specified number of days. Inactive User accounts are often unnecessary and can be safely deprovisioned with Cayosoft Suspend. Because last logon date details from Active Directory may be inaccurate, the length of time since the account's password was changed is also considered. To avoid identifying newly created accounts, account age is also considered.
When to use this rule
Use this rule to suspend inactive Active Directory user accounts.
The user account should meet all these conditions to be suspended:
- Minimum days past since the last logon.
- Minimum days past since the password was set.
- Minimum days past since account creation.
Rule Settings
Query Section
| Setting name | Description |
|---|---|
|
Limit the scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to a specific OU. Important: To test rule configuration, limit the rule scope to a container that contains test accounts or objects.
|
|
Query criteria |
Query criteria are sent with the query and may improve query performance. Tip: For different samples on the criteria builder, see KB20180410-1.
|
|
Minimum days past since the last logon |
Set a minimum number of days past since a user signs in to Active Directory. |
| Minimum days past since the password was set |
Set a minimum number of days past since an Active Directory user password was set. Use 0 to disable this check. |
| Minimum days past since account creation |
Set a minimum number of days past since the Active Directory user account creation. |
|
More Options |
|
|
Properties to display |
To display additional properties for each object found by the query, add those properties to the list. |
|
Filter |
To hide unwanted data based on criteria, not supported by the Active Directory query, set the filtering conditions here. Example: filter by the found object Distinguished Name. Tip: For optimal performance, use the Query criteria above to filter objects whenever possible.
|
|
Sort by |
Sort result object list. |
Action Section
| Setting name | Description |
|---|---|
| Default suspend settings |
It is possible to use the default user suspend settings file or custom suspend settings file. To select the custom suspend settings file, click the [...] button. Default User Suspend Settings File is the file specified in Home > Configuration > Connected Systems Extensions > Active Directory configuration, Cayosoft Suspend Policies section. |
| Suspend related Office 365 user |
Set to Yes to suspend a matching Office 365 user account. Configure the Office 365 user account suspend settings in the Suspend | Office 365 User and Guest rule. |
| Suspend related Skype on-premises user | Set to Yes to suspend Skype Server service for the on-premises user. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Comments
0 comments
Please sign in to leave a comment.