I need to change everyone's UserPrincipalName (UPN) in our AD domain. The only thing that is changing is the domain name, e.g:
Current UPN: andy.chips@domain.local
New UPN: andy.chips@domain.com
If I change the UPN in AD it will wipe out all the existing users with the @domain.local suffix on the next User Directory sync. How do I prevent that and get the User Directory sync to pull in the new UPN whilst keeping the users' existing groups, etc?
I toyed around with changing the User Schema settings in User Directories and tried things like sAMAccountName"domain.com" to force the new domain, but that doesn't work, and to be honest, I'm only guessing at the syntax (assuming there's a valid one).
Alternatively, I assume I'd have to get involved in some hideous SQL queries, and I have no idea where to start with that one.
Advice please.
Andy.
Hey Andy,
My first advise to you is to have your Confluence on version 5.3 (or latest) since we added a table called user_mapping which cointains a hash to represent the user name. If you are already on that version range here are the two tables you would need to work with:
The second advise is to setup a test instance so you can do the following:
Once confluence starts, it will check for any changes, since the application will see that the user name matches it will not erase or create new entries.
Again this is a non supported procedure by atlassian so make sure to try it on a staging environment and then do a round of testing on your main pages and with all the macros your company most use.
If tests goes fine then backup your database and application directories of production and then give it a try.
Hope it helps ,
Tks David
David,
Thanks for that very helpful advice. It's just a shame that your official support team couldn't give me the same suggestions.
Can I just clarify points 6 and 11 - are those typos?
Many thanks,
Andy.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You Welcome, Regarding My steps, yup typos: 6 - Repeat the queries. 11 - Profit! (just a little joke) - http://knowyourmeme.com/memes/profit Another detail is regarding personal spaces, after you do the above queries to update those tables you need to check the entries under content that have "~username". Once you update the cwd_user/user_mapping your user should be able to login with the new domain, however the personal space might have the different name. Also being honest with you the profile info might get outdated. I will see if I get sometime to test a little more in my end tomorrow and update you in here. Lastly we avoid giving that kind of advise over the tickets to avoid setting false expectations :). It might take sometime but I will see if I can check the above ;).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.