Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,463,204
Community Members
 
Community Events
176
Community Groups

Scriptrunner - deactivate inactive users script - needs to be updated

Hello Jira community.

 

I used to use a script for Scriptrunner for automatically disable users that have been inactive for a certain period in JIRA, provided by Adaptivist. The code is still available on their page:

https://www.adaptavist.com/doco/display/SFJ/Automatically+deactivate+inactive+JIRA+users

In particular, I was using the version modified by Vasily Zverev (i cannot "@" him for some reason) which excludes certain groups

https://community.atlassian.com/t5/Jira-questions/Need-help-with-modification-of-Script-for-Deactivating-users/qaq-p/743341

Unfortunately since our last upgrade (we are running JIRA 7.9.2 now) the script is not working any longer, 

I tried to fix it myself but no success in making it work so far.

 

This is my version, which is at the moment still not working

 


import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.user.util.UserManager //I added this line to have the method getAllApplicationUsers()

int numOfDays = 300 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

UserManager.getAllApplicationUsers().findAll{it.isActive()}.each {

if(groupManager.isUserInGroup(it.getName(),"jira-administrators"))
return;

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info "Deactivated ${updateUser.name}"
count++
} else {
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
}
}
}

"${count} users deactivated.\n"

 

From what I understand, I should not be used the UserManager but instead the search.UserSearchService

I did some tries but I do not manage to get this to work.

 

Any skiled groovy developer willing to help the community?

Thank you!

 

 

 

5 answers

1 accepted

2 votes
Answer accepted

Hello @Mirco Fabris

Try this

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.bc.user.search.UserSearchParams
import com.atlassian.jira.bc.user.search.UserSearchService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil

int numOfDays = 300 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
UserSearchService userSearchService = ComponentAccessor.getComponent(UserSearchService.class);
UserSearchParams userSearchParams = new UserSearchParams(true, true, false);
List<ApplicationUser> userList = userSearchService.findUsers("", userSearchParams);
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

userList.findAll{it.isActive()}.each {

if(groupManager.isUserInGroup(it.getName(),"jira-administrators"))
return;

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info "Deactivated ${updateUser.name}"
count++
} else {
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
}
}
}

"${count} users deactivated.\n"

Hi,

I'm sorry but this solution is not working for me. 

I want to disable some users, but is giving me this error:

No signature of method: static com.atlassian.jira.user.ApplicationUser.from() is applicable for argument types: (com.atlassian.crowd.embedded.impl.ImmutableUser)

@Rik de Valk @Mark Markov I am not a strong script writer so I am looking for someone to provide me a script that I can run each night to look for active users who have not logged in in the last 60 days and remove them from the jira-users group so they no longer take a license up.  I have ScriptRunner. I have found other scripts out there to de-activate users / make users inactive, but those scripts don't work for me because of our AD/LDAP setup.  So I just want to remove the active users who have not logged in in 60 days from the jira-users group.  I would be SO GREATFUL for someone to provide me a script to do this by username.  We have Jira 8.19.

Not much time today for helping but I can give you this snippet of code, for removing the user from the group; but you have to find the right place where to put it..

def userUtil = ComponentAccessor.userUtil // this is already present in the script

userUtil.removeUserFromGroup(ComponentAccessor.groupManager.getGroup("jira-software-users"), yourInactiveUser)

 

(I suppose it goes inside the 

if (d.before(dateLimit)) {
//
}

  

I'm not too good at this but I'll try to mess around with what you provided.  If there's any chance of more help later, I'd REALLY appreciate it!

Ugh, there's a problem with this snippet I think.  Let me explain:  With the other scripts I tried, they fail when trying to make the user Inactive.  I believe it's because of AD/LDAP set up.  It looks like the code snippet you gave me removes Inactive users from the jira-users group.  What I need is a script that finds users who have not logged in in 60 days and removes them from the jira-users group.  (They will still be seen as active.)  

I am not an engineer developer, so I would vastly appreciate the entire script if anyone can provide it.

Hi, I have a working script for this. 
I have some user groups that I exempt from deactivation. You can adjust or remove the 'SOME GROUP A'  to 'SOME GROUP D' to your needs. 

It provides some logging to report how many users were handled in what way. 
For example: some users cannot be deactivated because they're project or component lead. 

 

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.security.groups.GroupManager

int numOfDays = 150 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult
GroupManager groupManager = ComponentAccessor.getGroupManager()

// counters to count the number of users per outcome
long countAll = 0
long countDeactivated = 0
long countExcempted = 0
long countActivelyUsing = 0
long countFailedToDeactivate = 0
long countNeverLoggedIn = 0

userUtil.getUsers().findAll{it.isActive()}.each {

countAll++ // to keep track of all users we've looped through

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

if (groupManager.isUserInGroup(it.getName(),"SOME GROUP A") || groupManager.isUserInGroup(it.getName(),"SOME GROUP B") || groupManager.isUserInGroup(it.getName(),"SOME GROUP C") || groupManager.isUserInGroup(it.getName(),"SOME GROUP D")) {
countExcempted++
} else {
String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info("Deactivated ${updateUser.name}")
countDeactivated++
} else {
countFailedToDeactivate++
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
} else {
countActivelyUsing++
} // EndIF login date is longer then 150 days
} else { countNeverLoggedIn++} // EndIF login time is a number
} // EndIF user is in one of the exempted groups
} // Looped through last user

log.warn("${countAll} active users checked in total.\n")
log.warn("${countDeactivated} users deactivated.\n")
log.warn("${countExcempted} users skipped due to excempted Group membership.\n")
log.warn("${countActivelyUsing} users who have logged in during last 150 days.\n")
log.warn("${countFailedToDeactivate} users for which we failed to deactivate.\n")
log.warn("${countNeverLoggedIn} users never logged in.\n")

@Rik de Valk So I tried the exact script above and I had these problems. I would love your input:

1) Line 29:  

userUtil.getUsers().findAll{it.isActive()}.each {

I'm getting a warning icon telling me, "Use UserManager.getAll ApplicationUsers() instead Since v6.5@line 29, column 10.

2) Line 35

if (groupManager.isUserInGroup(it.getName(),"SOME GROUP A") ||     groupManager.isUserInGroup(it.getName(),"SOME GROUP B") || groupManager.isUserInGroup(it.getName(),"SOME GROUP C") || groupManager.isUserInGroup(it.getName(),"SOME GROUP D")) 

 I inserted valid groups but got: "Use on of the other isUserInGroup methods that takes a concrete user object instead Since  v6.4.8 @line 35, column 22.  

3) After the script ran, I had hundreds of users that just logged as (for example): "ERROR [runner.ScriptBindingManager]: Update of jsmith failed: 

I have no idea why these are failing and started to think it was because the are AD users and that was preventing and account update?  Would that be a reason?

4) Why aren't users who have never logged in (for over the number of days specified) also made inactive?

@Mirco Fabris 

Please remember I'm not a software developer/engineer, so I need hand holding with complete scripts if you can help me in any way!!  THANK YOU.

There you go, this will work

You owe me a beer 🍺

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.login.LoginManager
import java.text.SimpleDateFormat;
import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.event.type.EventDispatchOption


def userUtil = ComponentAccessor.userUtil
def userManager = ComponentAccessor.userManager
def groupManager = ComponentAccessor.getGroupManager();
def loginManager = ComponentAccessor.getComponentOfType(LoginManager.class)
CrowdService crowdService = ComponentAccessor.crowdService
def maxDays = 90 // maximum number of days you will allow

 

def excludedGroups = [ // only externals
"jira-administrators",
"jira-system-administrators"
]

 

long count = 0;
def list
def lastlogin
def output = "Display Name; Username; Email; Last Login <br>"
def today = new Date()
def lastLogin
SimpleDateFormat df = new SimpleDateFormat("dd.MM.yy hh:mm")
userManager.getUsers().each { // loop through every user
list = true;
groupManager.getGroupNamesForUser(it).each { // loop through his groups
if (excludedGroups.contains(it)) { // if at least one group is in the list, add user
list = false;
}
}
if(list && it.isActive()) { //check if user is active & supposed to be listed
UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())
Long lastLoginTime = loginManager.getLoginInfo(it.username).getLastLoginTime()
lastlogin = "Never Logged In"
if(lastLoginTime != null) {
Date date = new Date(lastLoginTime)
lastlogin = df.format(date)
}
if(lastLoginTime != null && groovy.time.TimeCategory.minus(new Date(), new Date(lastLoginTime)).days > maxDays) {
userUtil.removeUserFromGroup(ComponentAccessor.groupManager.getGroup("jira-software-user"), it)
output += "${it.getDisplayName()}; ${it.getUsername()}; ${it.getEmailAddress()}; ${lastlogin};<br>"
count++
}
}
}
output
Like # people like this

you can also exclude some groups and the never logged in users are also taken care of

Like kdickason likes this

So was it working? 

@Mirco Fabris I don't know what happened, but I could have sworn I posted a reply last week.  YES!!!! It appears to be working GREAT!!!  I just had to adjust the name of the group from jira-software-user to jira-user in your text above.  I cannot thank you enough!!

that's good news, happy to be of help

Be warned:  I'll be tagging you in the future for more help, I'm sure.  HA!   And yes, I owe you a beer!!!

Like Mirco Fabris likes this

HI,

This script is working fine if the users never logged in but not working for the users who are inactive as they moved out of the organization.

we need to setup some parameters to check the inactive users as well. looking some help from the experts on this.

Appreciate for the suggestions

Thanks,

Mujahed

Hello, 

We are experiencing the same thing where the code works in the console but the deactivation fails when running it from a service. No error message is returned. Log message appears as "anonymous".  Is there any solution found?

@Mark Markov You are a legend!

It works like a charm; I was totally on the wrong track...

Thanks again, this is so helpful!

 

Have a great week!

@Mirco Fabris Is there a way to run these scripts without having to use scriptrunner for jira or another atlassian app that costs money? 

Hello @mrose 

Not that I know of, unfortunately. 

Scriptrunner is the minimum thing that one needs to afford even the smallest customization. 

I wished they made it built-in in Jira like they did with Automation or Advanced Roadmaps... but I suppose that will never happen because Adaptavist is very proud of their software and will not really sell it, and probably Atlassian as no interest in buying it and giving it for free. 

In any case, consider the investment... if I had to choose to have one single plugin in a Jira instance, it would be Scriptrunner. It is definitely the biggest bang for your buck.

Like mrose likes this

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events