How do I configure Confluence to synchronize only a subset of users from my Microsoft AD?

I have created an AD group where I'm adding AD groups containing users that should be able to log in to Confluence.

I have successfully synchronised the whole AD but as we only have XX number of licenses, I would like to limit the number of accounts that are synchronised.

I've tried to follow the steps in the guide below but I cant get it to work.

https://confluence.atlassian.com/display/CONFKB/Changing+the+Number+of+Users+Synchronized+from+LDAP+to+Confluence

I have tried setting this DN in the "Base DN" field but it failed to work:

CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org

However, when i only type in the following, it works and synchronise the whole AD.

DC=world,DC=myad,DC=org

Where should i add this field: CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources

?

Kind regards

2 answers

This widget could not be displayed.
Stephen Sifers Community Champion Apr 06, 2014

Try the following:

Base DN:

OU=Users,OU=Company,DC=MyDomain,DC=Local

Then under your Additional Group DN you would specify your Confluence Access group.

Additional Group DN:

CN=CONFLUENCE_GROUP_USERS,OU=Users,OU=Company,DC=MyDomain,DC=Local

Also, ensure the users you are running the sync as has permissions into the OU's you are attempting to scan.

Im sorry, I could not get that to work.

The confluence web page https://confluence.atlassian.com/display/CONFKB/Changing+the+Number+of+Users+Synchronized+from+LDAP+to+Confluenceseems to state that I only should add the name of the group "ou=confluence-users" where you suggest that i should put the full name "CN=CONFLUENCE_GROUP_USERS,OU=Users,OU=Company,DC=MyDomain,DC=Local"

I've tried both but It won't sync my users.

This widget could not be displayed.

Hi Jacob,

I assume CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org is a group, right?

If you want just the users on this group to be synchronized, you can set your base DN to be DC=world,DC=myad,DC=org, leave both Additional User and Group DN’s empty, and under User Schema Settings->User Object Filter, you use a filter like this:

(&(objectClass=Person)(sAMAccountName=*)(memberOf=CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org))

This will ensure only users on CONFLUENCE_GROUP_USERS will be pulled from AD.

Please let me know if this works for you.

Best regards,

Felipe Alencastro

Thank you, but I tried that solution but only the accounts that directly belonged to the Confluence group were found.

The users that had a group belonging to the Confluence group where not found (as the Confluence group wasn't directly connected to those users) so that didn't work for me unfortunately.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 17, 2018 in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

588 views 7 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you