Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to update user information created by Active Directory Server if we disable the sync?

JT Tsai
JT Tsai July 27, 2018

We are planning to enable SSO for JIRA/Confluence. Currently all the users are created via Microsoft Active Directory which means they are read-only. The user names for SSO are different from the AD so I need to manually change them. I was thinking if I can stop the synching of the user accounts from AD, then I can update them manually. Yes?

Answer
Watch
Like David Drinnan likes this
1264 views

1 answer

0 votes
Brant Schroeder
Brant Schroeder
Community Champion
July 27, 2018

f you are using Active Directory as a user directory in JIRA this is connected via LDAP and the usernames would need to be changed in AD.  For JIRA username ( login name ) is the primary key, so if you change it JIRA thinks it's just another user.  You can change first name, last name, and display name. 

With that being said you could try to user the scriptrunner plugin. It has a built in script for changing username but you would have to write your own script to check for LDAP changes.  Don't know if it would work it you are trying to change directories though since you are moving to SSO.  You could always try in a test environment before making any changes in your production instance.

View More Comments
JT Tsai
JT Tsai July 29, 2018

Hi Brant,

Thanks for your answer. I need to clarify the requirement. Currently the AD's username is their workstation username but for SSO, the username is some unique name that the users created themselves from third-party SSO; therefore I need to change their JIRA username (currently their AD username) to match their SSO username. I was able to test this by changing the AD to allow write/read and I was able to change the  JIRA username (luckily, changing JIRA username doesn't count as another user) but I don't want the changed JIRA username to update the AD username. This is where my problem lies.

My first thought is that I just need to stop the AD from synching (basically a cut-off point where now users are manually created and use SSO username) but the problem when I stopped the synching, the JIRA users that are created by AD disappeared. I'm not sure if there is anyway to override that?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security