Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Microsoft Active Directory Change - Existing Confluence Settings

Tim Oldendorf
Tim Oldendorf
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 5, 2020

Our confluence instance (6.15.10 server) is connected to active directory. We are moving to a new active directory server. The only thing that is changing between severs is the actual hostname or so I am being told by our network team. 

Do I need to just modify the existing user directory hostname in confluence to the new hostname? Or do I need to Add a new directory?

I checked the knowledgebase and I see where it give instructions on how to edit the existing active directory settings, but I was concerned with if these edits will have any impact to existing users/permissions. If I edit the existing active directory - will this have any impact to current users and any confluence permissions assigned through confluence and not AD. 

Thanks for any input. And if this is documented somewhere in the knowledgebase, please point me in that direction!

Answer
Watch
Like Be the first to like this
423 views

1 answer

0 votes
Ismael Jimoh
Ismael Jimoh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 5, 2020

Hi @Tim Oldendorf 

A direct edit of the hostname/ip address should work here if everything else is staying the same. Once done, synchronized the directory again.

  • Please make sure you are accessing the application with an admin account from the local directory else you may be locked out.

For safety my suggestion would be

  • set up a new directory with the same configuration as the old,
  • move this directory above the old directory (this ensures that you can revert if there are any problems reported by users. Which should normally not be the case.
  • If any users are added to a local group, re-do this here.
  • Monitor for about a week or so to let people feedback to you if they have problems.
  • If not, delete the old directory, 
  • Give go ahead to the team to drop the old directory 

This is the safer way to go.

Advantage of the first way where you are just changing hostname over the second is if a user is mapped to a local group, you do not need to add them to the local group.

View More Comments
Kim-Viet Le
Kim-Viet Le August 10, 2021

My group is looking to do something similar. 

If I use the 1st method and just type in a different hostname/IP address; it will retain all of the Confluence content as long as I resync the directory. Am I understanding this correctly? 

 

If I use the 2nd method, does this retain all my local groups? We have a lot of local groups with different rights; and I don't want to reassign groups. Will it retain all of my confluence content?

Why is the 2nd method safer compared  to the 1st method?

Like
Ismael Jimoh
Ismael Jimoh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 11, 2021

That is correct @Kim-Viet Le

If the directory has a different username and password you have to account for this. My assumption is the new directory has the same configuration and structure as the old. The only difference is that you are moving to something new.

If you have an issue say users complain they don’t have specific access after your change, you can easily change the directory order and Jira behaves as it used to.

Secondly, if you have totally different configurations(different user filter, group filter, membership attributes), you will need to change these for the first to work however once you have changed it, if you didn’t save what it used to look like, a rollback becomes a real pain.

With the second, I just need to change the directory order and the application will behave as it used to. 
The biggest draw back with the second is you need to reassign any local group membership because Jira uses directory Id to map membership to groups in the database.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
VERSION
6.15.10
TAGS
AUG Leaders

Atlassian Community Events

    See all events