Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Scriptrunner - deactivate inactive users script - needs to be updated

mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 12, 2018

Hello Jira community.

 

I used to use a script for Scriptrunner for automatically disable users that have been inactive for a certain period in JIRA, provided by Adaptivist. The code is still available on their page:

https://www.adaptavist.com/doco/display/SFJ/Automatically+deactivate+inactive+JIRA+users

In particular, I was using the version modified by Vasily Zverev (i cannot "@" him for some reason) which excludes certain groups

https://community.atlassian.com/t5/Jira-questions/Need-help-with-modification-of-Script-for-Deactivating-users/qaq-p/743341

Unfortunately since our last upgrade (we are running JIRA 7.9.2 now) the script is not working any longer, 

I tried to fix it myself but no success in making it work so far.

 

This is my version, which is at the moment still not working

 


import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.user.util.UserManager //I added this line to have the method getAllApplicationUsers()

int numOfDays = 300 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

UserManager.getAllApplicationUsers().findAll{it.isActive()}.each {

if(groupManager.isUserInGroup(it.getName(),"jira-administrators"))
 return;

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

String lastLoginMillis = user.getValue('login.lastLoginMillis')
 if (lastLoginMillis?.isNumber()) {
 Date d = new Date(Long.parseLong(lastLoginMillis))
 if (d.before(dateLimit)) {
 updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
 updateUserValidationResult = userService.validateUpdateUser(updateUser)
 if (updateUserValidationResult.isValid()) {
 userService.updateUser(updateUserValidationResult)
 log.info "Deactivated ${updateUser.name}"
 count++
 } else {
 log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
 }
 }
 }
}

"${count} users deactivated.\n"

 

From what I understand, I should not be used the UserManager but instead the search.UserSearchService

I did some tries but I do not manage to get this to work.

 

Any skiled groovy developer willing to help the community?

Thank you!

 

 

 

Answer
Watch
Like Be the first to like this
9895 views

5 answers

1 accepted

Suggest an answer

Log in or Sign up to answer
2 votes
Answer accepted
Mark Markov
Mark Markov
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 15, 2018

Hello @mfabris

Try this

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.bc.user.search.UserSearchParams
import com.atlassian.jira.bc.user.search.UserSearchService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil

int numOfDays = 300 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
UserSearchService userSearchService = ComponentAccessor.getComponent(UserSearchService.class);
UserSearchParams userSearchParams = new UserSearchParams(true, true, false);
List<ApplicationUser> userList = userSearchService.findUsers("", userSearchParams);
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

userList.findAll{it.isActive()}.each {

    if(groupManager.isUserInGroup(it.getName(),"jira-administrators"))
        return;

    UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

    String lastLoginMillis = user.getValue('login.lastLoginMillis')
    if (lastLoginMillis?.isNumber()) {
        Date d = new Date(Long.parseLong(lastLoginMillis))
        if (d.before(dateLimit)) {
            updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
            updateUserValidationResult = userService.validateUpdateUser(updateUser)
            if (updateUserValidationResult.isValid()) {
                userService.updateUser(updateUserValidationResult)
                log.info "Deactivated ${updateUser.name}"
                count++
            } else {
                log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
            }
        }
    }
}

"${count} users deactivated.\n"
View More Comments
Reply
Jorge Jerez
Jorge Jerez
Contributor
May 14, 2019

Hi,

I'm sorry but this solution is not working for me. 

I want to disable some users, but is giving me this error:

No signature of method: static com.atlassian.jira.user.ApplicationUser.from() is applicable for argument types: (com.atlassian.crowd.embedded.impl.ImmutableUser)

Like
0 votes
kdickason
kdickason
Contributor
October 26, 2021

@Rik de Valk @Mark Markov I am not a strong script writer so I am looking for someone to provide me a script that I can run each night to look for active users who have not logged in in the last 60 days and remove them from the jira-users group so they no longer take a license up.  I have ScriptRunner. I have found other scripts out there to de-activate users / make users inactive, but those scripts don't work for me because of our AD/LDAP setup.  So I just want to remove the active users who have not logged in in 60 days from the jira-users group.  I would be SO GREATFUL for someone to provide me a script to do this by username.  We have Jira 8.19.

View More Comments
Reply
mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 26, 2021

Not much time today for helping but I can give you this snippet of code, for removing the user from the group; but you have to find the right place where to put it..

def userUtil = ComponentAccessor.userUtil // this is already present in the script
 
userUtil.removeUserFromGroup(ComponentAccessor.groupManager.getGroup("jira-software-users"), yourInactiveUser)

 

(I suppose it goes inside the 

if (d.before(dateLimit)) {
//
}

  

Like
kdickason
kdickason
Contributor
October 26, 2021

I'm not too good at this but I'll try to mess around with what you provided.  If there's any chance of more help later, I'd REALLY appreciate it!

Like
kdickason
kdickason
Contributor
October 26, 2021

Ugh, there's a problem with this snippet I think.  Let me explain:  With the other scripts I tried, they fail when trying to make the user Inactive.  I believe it's because of AD/LDAP set up.  It looks like the code snippet you gave me removes Inactive users from the jira-users group.  What I need is a script that finds users who have not logged in in 60 days and removes them from the jira-users group.  (They will still be seen as active.)  

I am not an engineer developer, so I would vastly appreciate the entire script if anyone can provide it.

Like
0 votes
Rik de Valk
Rik de Valk October 8, 2020

Hi, I have a working script for this. 
I have some user groups that I exempt from deactivation. You can adjust or remove the 'SOME GROUP A'  to 'SOME GROUP D' to your needs. 

It provides some logging to report how many users were handled in what way. 
For example: some users cannot be deactivated because they're project or component lead. 

 

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.security.groups.GroupManager

int numOfDays = 150 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult
GroupManager groupManager = ComponentAccessor.getGroupManager()

// counters to count the number of users per outcome
long countAll = 0
long countDeactivated = 0
long countExcempted = 0
long countActivelyUsing = 0
long countFailedToDeactivate = 0 
long countNeverLoggedIn = 0

userUtil.getUsers().findAll{it.isActive()}.each {

    countAll++ // to keep track of all users we've looped through
    
    UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())
    
    if (groupManager.isUserInGroup(it.getName(),"SOME GROUP A") ||     groupManager.isUserInGroup(it.getName(),"SOME GROUP B") || groupManager.isUserInGroup(it.getName(),"SOME GROUP C") || groupManager.isUserInGroup(it.getName(),"SOME GROUP D")) {
        countExcempted++ 
    } else {
        String lastLoginMillis = user.getValue('login.lastLoginMillis')
        if (lastLoginMillis?.isNumber()) {
            Date d = new Date(Long.parseLong(lastLoginMillis))
            if (d.before(dateLimit)) {
                updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
                updateUserValidationResult = userService.validateUpdateUser(updateUser)
                if (updateUserValidationResult.isValid()) { 
                    userService.updateUser(updateUserValidationResult)
                    log.info("Deactivated ${updateUser.name}")
                    countDeactivated++ 
                } else {
                    countFailedToDeactivate++
                    log.error "Update of ${user.name} failed:          ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
                }
            } else {
                countActivelyUsing++
            } // EndIF login date is longer then 150 days
        } else { countNeverLoggedIn++} // EndIF login time is a number
    } // EndIF user is in one of the exempted groups
} // Looped through last user

log.warn("${countAll} active users checked in total.\n")
log.warn("${countDeactivated} users deactivated.\n")
log.warn("${countExcempted} users skipped due to excempted Group membership.\n")
log.warn("${countActivelyUsing} users who have logged in during last 150 days.\n")
log.warn("${countFailedToDeactivate} users for which we failed to deactivate.\n")
log.warn("${countNeverLoggedIn} users never logged in.\n")
View More Comments
Reply
kdickason
kdickason
Contributor
October 26, 2021

@Rik de Valk So I tried the exact script above and I had these problems. I would love your input:

1) Line 29:  

userUtil.getUsers().findAll{it.isActive()}.each {

I'm getting a warning icon telling me, "Use UserManager.getAll ApplicationUsers() instead Since v6.5@line 29, column 10.

2) Line 35

if (groupManager.isUserInGroup(it.getName(),"SOME GROUP A") ||     groupManager.isUserInGroup(it.getName(),"SOME GROUP B") || groupManager.isUserInGroup(it.getName(),"SOME GROUP C") || groupManager.isUserInGroup(it.getName(),"SOME GROUP D"))

 I inserted valid groups but got: "Use on of the other isUserInGroup methods that takes a concrete user object instead Since  v6.4.8 @line 35, column 22.  

3) After the script ran, I had hundreds of users that just logged as (for example): "ERROR [runner.ScriptBindingManager]: Update of jsmith failed: 

I have no idea why these are failing and started to think it was because the are AD users and that was preventing and account update?  Would that be a reason?

4) Why aren't users who have never logged in (for over the number of days specified) also made inactive?

@mfabris 

Please remember I'm not a software developer/engineer, so I need hand holding with complete scripts if you can help me in any way!!  THANK YOU.

Like
mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 27, 2021

There you go, this will work

You owe me a beer 🍺

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.login.LoginManager
import java.text.SimpleDateFormat;
import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.event.type.EventDispatchOption


def userUtil = ComponentAccessor.userUtil
def userManager = ComponentAccessor.userManager
def groupManager = ComponentAccessor.getGroupManager();
def loginManager = ComponentAccessor.getComponentOfType(LoginManager.class)
CrowdService crowdService = ComponentAccessor.crowdService
def maxDays = 90 // maximum number of days you will allow

 

def excludedGroups = [ // only externals
"jira-administrators",
"jira-system-administrators"
]

 

long count = 0;
def list
def lastlogin
def output = "Display Name; Username; Email; Last Login <br>"
def today = new Date()
def lastLogin
SimpleDateFormat df = new SimpleDateFormat("dd.MM.yy hh:mm")
userManager.getUsers().each { // loop through every user
list = true; 
groupManager.getGroupNamesForUser(it).each { // loop through his groups
if (excludedGroups.contains(it)) { // if at least one group is in the list, add user
list = false; 
}
}
if(list && it.isActive()) { //check if user is active & supposed to be listed
UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())
Long lastLoginTime = loginManager.getLoginInfo(it.username).getLastLoginTime()
lastlogin = "Never Logged In"
if(lastLoginTime != null) {
Date date = new Date(lastLoginTime)
lastlogin = df.format(date)
}
if(lastLoginTime != null && groovy.time.TimeCategory.minus(new Date(), new Date(lastLoginTime)).days > maxDays) { 
userUtil.removeUserFromGroup(ComponentAccessor.groupManager.getGroup("jira-software-user"), it)
output += "${it.getDisplayName()}; ${it.getUsername()}; ${it.getEmailAddress()}; ${lastlogin};<br>"
count++
}
}
}
output
Like # people like this
mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 27, 2021

you can also exclude some groups and the never logged in users are also taken care of

Like kdickason likes this
mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 2, 2021

So was it working? 

Like
kdickason
kdickason
Contributor
November 2, 2021

@mfabris I don't know what happened, but I could have sworn I posted a reply last week.  YES!!!! It appears to be working GREAT!!!  I just had to adjust the name of the group from jira-software-user to jira-user in your text above.  I cannot thank you enough!!

Like
mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 2, 2021

that's good news, happy to be of help

Like
kdickason
kdickason
Contributor
November 2, 2021

Be warned:  I'll be tagging you in the future for more help, I'm sure.  HA!   And yes, I owe you a beer!!!

Like mfabris likes this
Mujahed Faroqui
Mujahed Faroqui October 13, 2022

HI,

This script is working fine if the users never logged in but not working for the users who are inactive as they moved out of the organization.

we need to setup some parameters to check the inactive users as well. looking some help from the experts on this.

Appreciate for the suggestions

Thanks,

Mujahed

Like
0 votes
Deleted user October 11, 2019

Hello, 

We are experiencing the same thing where the code works in the console but the deactivation fails when running it from a service. No error message is returned. Log message appears as "anonymous".  Is there any solution found?

Reply
0 votes
mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 15, 2018

@Mark Markov You are a legend!

It works like a charm; I was totally on the wrong track...

Thanks again, this is so helpful!

 

Have a great week!

View More Comments
Reply
Deleted user September 27, 2022

@mfabris Is there a way to run these scripts without having to use scriptrunner for jira or another atlassian app that costs money? 

Like
mfabris
mfabris
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 27, 2022

Hello @[deleted] 

Not that I know of, unfortunately. 

Scriptrunner is the minimum thing that one needs to afford even the smallest customization. 

I wished they made it built-in in Jira like they did with Automation or Advanced Roadmaps... but I suppose that will never happen because Adaptavist is very proud of their software and will not really sell it, and probably Atlassian as no interest in buying it and giving it for free. 

In any case, consider the investment... if I had to choose to have one single plugin in a Jira instance, it would be Scriptrunner. It is definitely the biggest bang for your buck.

Like Deleted user likes this
Deleted user September 28, 2022

Thanks @mfabris

Like
Infantzo_Prashandh_tetrapak_com
Infantzo_Prashandh_tetrapak_com
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 21, 2024

Hello @mfabris 

 

I tried the script above but I received the error as 

save.png

 

can you suggest me how can I solve this...

Like Marco Cassanelli likes this
groups-icon
App Central
TAGS
AUG Leaders

Atlassian Community Events

    See all events