Cayo Software has a user and group de-provisioning tool called Cayo Suspend. The solution automates deactivating users and groups when they are no longer needed (think terminations, retirements or extended leaves of absence). The tool worked great and it was well organized and integrated right into my ADUC console.
Because AD has no ability to disable a group, I was surprised when I found that this tool could essentially do this. Apparently what they do is change the group type so that the group’s SID is no longer put into the user’s token when they log on; this prevents the group from granting access. Further, they hide the group from Exchange so it can’t be used as a distribution list. Pretty cool trick – and the entire process is reversible with a right-click Undo.
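The same effect can be sketched with the standard ActiveDirectory PowerShell module. This is an added example, not Cayo Suspend's code: the function names are hypothetical, and it assumes the forest schema has been extended for Exchange so that `msExchHideFromAddressLists` exists.

```powershell
#Requires -Modules ActiveDirectory
# Added illustration, not Cayo Suspend's implementation. Function names are hypothetical.

function Suspend-AdGroupAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    $group = Get-ADGroup -Identity $Identity -Properties msExchHideFromAddressLists

    # Snapshot everything we are about to change so the action can be undone later.
    $state = [pscustomobject]@{
        DistinguishedName = $group.DistinguishedName
        GroupCategory     = [string]$group.GroupCategory
        HiddenFromGal     = $group.msExchHideFromAddressLists   # $null if never set
    }

    if ($PSCmdlet.ShouldProcess($group.DistinguishedName, 'Suspend group')) {
        # A distribution group is not security-enabled, so its SID is not
        # added to access tokens built at subsequent logons.
        Set-ADGroup -Identity $group -GroupCategory Distribution
        # Hide the group from Exchange address lists (assumes Exchange schema).
        Set-ADGroup -Identity $group -Replace @{ msExchHideFromAddressLists = $true }
    }
    $state   # keep this object, e.g. pipe it to Export-Clixml, for the undo
}

function Restore-AdGroupAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)]$State)

    process {
        $dn = $State.DistinguishedName
        if ($PSCmdlet.ShouldProcess($dn, 'Restore group')) {
            Set-ADGroup -Identity $dn -GroupCategory $State.GroupCategory
            if ($null -eq $State.HiddenFromGal) {
                # The attribute was unset before; put it back to unset.
                Set-ADGroup -Identity $dn -Clear msExchHideFromAddressLists
            } else {
                Set-ADGroup -Identity $dn -Replace @{
                    msExchHideFromAddressLists = [bool]$State.HiddenFromGal
                }
            }
        }
    }
}

# Constructed usage; 'Finance-Share-RW' is a placeholder group name.
# $saved = Suspend-AdGroupAccess -Identity 'Finance-Share-RW'
# $saved | Restore-AdGroupAccess
```

Tokens and Kerberos tickets issued before the change still carry the group's SID until the user logs on again, so the suspension only takes full effect after existing sessions are renewed.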
It is clear to me that this tool would be best utilized in an environment where there are people going on extended leave or where people are trying to improve their group management. Finding pricing for the solution was a little difficult on the web, but for what they provide the cost isn’t too bad.
Price: $99 covers 100 enabled AD users.
US Cyber Disclosure – Company Ownership: USA