Disable Active Directory Group
How to disable Active Directory Groups
The ability to an Disable Active Directory Group is completely missing from Active Directory. Cayosoft’s Free Suspend Tool will allow effectively disable AD groups. “Disabling” groups is preferable to deleting the group because the group SID (Security ID) is retained for auditing and management purposes, but it must be done correctly. The idea is to prevent the group from being used for security or distribution list purposes without actually deleting the group object itself. Cayosoft Suspend can effectively deactivate/disable AD groups right from the ADUC console. Suspend has a free mode allowing you to add this awesome capability to ADUC at no charge.
Understanding the difference between Security and Distribution group types is important here. When a user is authenticated all Security groups for which the user is a member are listed in the user’s token/ticket; Distribution List membership is not added tokens because they are not used for security. By changing the group type from Security to Distribution you prevent the group from being used for security purposes.
Simple Right-click to Suspend an Active Directory Group
Now the tricky part, if you have are running Microsoft Exchange or are syncing the group to a cloud based email system, you will need to take steps to prevent the group from being used as a distribution list. If you are using on-premise Exchange, you will need to set the security on the group so that it is not presented to users. If the group is being synced to Office 365 or to Google Apps, you will need to change the attributes of the group to prevent it from being seen by ILM or Google’s Sync solution.
Cayosoft Suspend is a free tool that performs these tasks for you automatically plus it has a “right-click” UNDO, Reporting and Object Retention if you no longer need the group and want it to be deleted in a month or two down the road. Download this free tool now, and no purchase or credit card necessary.