Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,293,533
Community Members
 
Community Events
165
Community Groups

Scriptrunner - deactivate inactive users script - needs to be updated

Hello Jira community.

 

I used to use a script for Scriptrunner for automatically disable users that have been inactive for a certain period in JIRA, provided by Adaptivist. The code is still available on their page:

https://www.adaptavist.com/doco/display/SFJ/Automatically+deactivate+inactive+JIRA+users

In particular, I was using the version modified by Vasily Zverev (i cannot "@" him for some reason) which excludes certain groups

https://community.atlassian.com/t5/Jira-questions/Need-help-with-modification-of-Script-for-Deactivating-users/qaq-p/743341

Unfortunately since our last upgrade (we are running JIRA 7.9.2 now) the script is not working any longer, 

I tried to fix it myself but no success in making it work so far.

 

This is my version, which is at the moment still not working

 


import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.user.util.UserManager //I added this line to have the method getAllApplicationUsers()

int numOfDays = 300 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

UserManager.getAllApplicationUsers().findAll{it.isActive()}.each {

if(groupManager.isUserInGroup(it.getName(),"jira-administrators"))
return;

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info "Deactivated ${updateUser.name}"
count++
} else {
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
}
}
}

"${count} users deactivated.\n"

 

From what I understand, I should not be used the UserManager but instead the search.UserSearchService

I did some tries but I do not manage to get this to work.

 

Any skiled groovy developer willing to help the community?

Thank you!

 

 

 

5 answers

1 accepted

2 votes
Answer accepted

Hello @Mirco Fabris

Try this

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.bc.user.search.UserSearchParams
import com.atlassian.jira.bc.user.search.UserSearchService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil

int numOfDays = 300 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
UserSearchService userSearchService = ComponentAccessor.getComponent(UserSearchService.class);
UserSearchParams userSearchParams = new UserSearchParams(true, true, false);
List<ApplicationUser> userList = userSearchService.findUsers("", userSearchParams);
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult

long count = 0

GroupManager groupManager = ComponentAccessor.getGroupManager();

userList.findAll{it.isActive()}.each {

if(groupManager.isUserInGroup(it.getName(),"jira-administrators"))
return;

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info "Deactivated ${updateUser.name}"
count++
} else {
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
}
}
}

"${count} users deactivated.\n"

Hi,

I'm sorry but this solution is not working for me. 

I want to disable some users, but is giving me this error:

No signature of method: static com.atlassian.jira.user.ApplicationUser.from() is applicable for argument types: (com.atlassian.crowd.embedded.impl.ImmutableUser)

@Rik de Valk @Mark Markov I am not a strong script writer so I am looking for someone to provide me a script that I can run each night to look for active users who have not logged in in the last 60 days and remove them from the jira-users group so they no longer take a license up.  I have ScriptRunner. I have found other scripts out there to de-activate users / make users inactive, but those scripts don't work for me because of our AD/LDAP setup.  So I just want to remove the active users who have not logged in in 60 days from the jira-users group.  I would be SO GREATFUL for someone to provide me a script to do this by username.  We have Jira 8.19.

Not much time today for helping but I can give you this snippet of code, for removing the user from the group; but you have to find the right place where to put it..

def userUtil = ComponentAccessor.userUtil // this is already present in the script

userUtil.removeUserFromGroup(ComponentAccessor.groupManager.getGroup("jira-software-users"), yourInactiveUser)

 

(I suppose it goes inside the 

if (d.before(dateLimit)) {
//
}

  

I'm not too good at this but I'll try to mess around with what you provided.  If there's any chance of more help later, I'd REALLY appreciate it!

Ugh, there's a problem with this snippet I think.  Let me explain:  With the other scripts I tried, they fail when trying to make the user Inactive.  I believe it's because of AD/LDAP set up.  It looks like the code snippet you gave me removes Inactive users from the jira-users group.  What I need is a script that finds users who have not logged in in 60 days and removes them from the jira-users group.  (They will still be seen as active.)  

I am not an engineer developer, so I would vastly appreciate the entire script if anyone can provide it.

Hi, I have a working script for this. 
I have some user groups that I exempt from deactivation. You can adjust or remove the 'SOME GROUP A'  to 'SOME GROUP D' to your needs. 

It provides some logging to report how many users were handled in what way. 
For example: some users cannot be deactivated because they're project or component lead. 

 

import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.crowd.embedded.impl.ImmutableUser
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.ApplicationUsers
import com.atlassian.jira.user.util.UserUtil
import com.atlassian.jira.security.groups.GroupManager

int numOfDays = 150 // Number of days the user was not logged in
Date dateLimit = (new Date())- numOfDays

UserUtil userUtil = ComponentAccessor.userUtil
CrowdService crowdService = ComponentAccessor.crowdService
UserService userService = ComponentAccessor.getComponent(UserService)
ApplicationUser updateUser
UserService.UpdateUserValidationResult updateUserValidationResult
GroupManager groupManager = ComponentAccessor.getGroupManager()

// counters to count the number of users per outcome
long countAll = 0
long countDeactivated = 0
long countExcempted = 0
long countActivelyUsing = 0
long countFailedToDeactivate = 0
long countNeverLoggedIn = 0

userUtil.getUsers().findAll{it.isActive()}.each {

countAll++ // to keep track of all users we've looped through

UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())

if (groupManager.isUserInGroup(it.getName(),"SOME GROUP A") || groupManager.isUserInGroup(it.getName(),"SOME GROUP B") || groupManager.isUserInGroup(it.getName(),"SOME GROUP C") || groupManager.isUserInGroup(it.getName(),"SOME GROUP D")) {
countExcempted++
} else {
String lastLoginMillis = user.getValue('login.lastLoginMillis')
if (lastLoginMillis?.isNumber()) {
Date d = new Date(Long.parseLong(lastLoginMillis))
if (d.before(dateLimit)) {
updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser())
updateUserValidationResult = userService.validateUpdateUser(updateUser)
if (updateUserValidationResult.isValid()) {
userService.updateUser(updateUserValidationResult)
log.info("Deactivated ${updateUser.name}")
countDeactivated++
} else {
countFailedToDeactivate++
log.error "Update of ${user.name} failed: ${updateUserValidationResult.getErrorCollection().getErrors().entrySet().join(',')}"
}
} else {
countActivelyUsing++
} // EndIF login date is longer then 150 days
} else { countNeverLoggedIn++} // EndIF login time is a number
} // EndIF user is in one of the exempted groups
} // Looped through last user

log.warn("${countAll} active users checked in total.\n")
log.warn("${countDeactivated} users deactivated.\n")
log.warn("${countExcempted} users skipped due to excempted Group membership.\n")
log.warn("${countActivelyUsing} users who have logged in during last 150 days.\n")
log.warn("${countFailedToDeactivate} users for which we failed to deactivate.\n")
log.warn("${countNeverLoggedIn} users never logged in.\n")

@Rik de Valk So I tried the exact script above and I had these problems. I would love your input:

1) Line 29:  

userUtil.getUsers().findAll{it.isActive()}.each {

I'm getting a warning icon telling me, "Use UserManager.getAll ApplicationUsers() instead Since v6.5@line 29, column 10.

2) Line 35

if (groupManager.isUserInGroup(it.getName(),"SOME GROUP A") ||     groupManager.isUserInGroup(it.getName(),"SOME GROUP B") || groupManager.isUserInGroup(it.getName(),"SOME GROUP C") || groupManager.isUserInGroup(it.getName(),"SOME GROUP D")) 

 I inserted valid groups but got: "Use on of the other isUserInGroup methods that takes a concrete user object instead Since  v6.4.8 @line 35, column 22.  

3) After the script ran, I had hundreds of users that just logged as (for example): "ERROR [runner.ScriptBindingManager]: Update of jsmith failed: 

I have no idea why these are failing and started to think it was because the are AD users and that was preventing and account update?  Would that be a reason?

4) Why aren't users who have never logged in (for over the number of days specified) also made inactive?

@Mirco Fabris 

Please remember I'm not a software developer/engineer, so I need hand holding with complete scripts if you can help me in any way!!  THANK YOU.

There you go, this will work

You owe me a beer 🍺

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.login.LoginManager
import java.text.SimpleDateFormat;
import com.atlassian.crowd.embedded.api.CrowdService
import com.atlassian.crowd.embedded.api.UserWithAttributes
import com.atlassian.jira.bc.user.UserService
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.event.type.EventDispatchOption


def userUtil = ComponentAccessor.userUtil
def userManager = ComponentAccessor.userManager
def groupManager = ComponentAccessor.getGroupManager();
def loginManager = ComponentAccessor.getComponentOfType(LoginManager.class)
CrowdService crowdService = ComponentAccessor.crowdService
def maxDays = 90 // maximum number of days you will allow

 

def excludedGroups = [ // only externals
"jira-administrators",
"jira-system-administrators"
]

 

long count = 0;
def list
def lastlogin
def output = "Display Name; Username; Email; Last Login <br>"
def today = new Date()
def lastLogin
SimpleDateFormat df = new SimpleDateFormat("dd.MM.yy hh:mm")
userManager.getUsers().each { // loop through every user
list = true;
groupManager.getGroupNamesForUser(it).each { // loop through his groups
if (excludedGroups.contains(it)) { // if at least one group is in the list, add user
list = false;
}
}
if(list && it.isActive()) { //check if user is active & supposed to be listed
UserWithAttributes user = crowdService.getUserWithAttributes(it.getName())
Long lastLoginTime = loginManager.getLoginInfo(it.username).getLastLoginTime()
lastlogin = "Never Logged In"
if(lastLoginTime != null) {
Date date = new Date(lastLoginTime)
lastlogin = df.format(date)
}
if(lastLoginTime != null && groovy.time.TimeCategory.minus(new Date(), new Date(lastLoginTime)).days > maxDays) {
userUtil.removeUserFromGroup(ComponentAccessor.groupManager.getGroup("jira-software-user"), it)
output += "${it.getDisplayName()}; ${it.getUsername()}; ${it.getEmailAddress()}; ${lastlogin};<br>"
count++
}
}
}
output
Like # people like this

you can also exclude some groups and the never logged in users are also taken care of

Like kdickason likes this

So was it working? 

@Mirco Fabris I don't know what happened, but I could have sworn I posted a reply last week.  YES!!!! It appears to be working GREAT!!!  I just had to adjust the name of the group from jira-software-user to jira-user in your text above.  I cannot thank you enough!!

that's good news, happy to be of help

Be warned:  I'll be tagging you in the future for more help, I'm sure.  HA!   And yes, I owe you a beer!!!

Like Mirco Fabris likes this

Hello, 

We are experiencing the same thing where the code works in the console but the deactivation fails when running it from a service. No error message is returned. Log message appears as "anonymous".  Is there any solution found?

@Mark Markov You are a legend!

It works like a charm; I was totally on the wrong track...

Thanks again, this is so helpful!

 

Have a great week!

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

197 views 0 5
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you