Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Changing the DN for groups of a Crowd MS AD directory: How to proceed?

Elvir Hadzic
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 19, 2012

We use Crowd with an MS AD (LDAP connector) directory. Until now we had the users and user groups in the same location in our AD. For various reasons we now want to move the user groups to a different location. We do not want to create a new directory in Crowd however. If at all possible, we'd like to just reconfigure the one we use now. Do we have to expect any problems? How do we proceed?

Do we first move the groups within the Active Directory and then set the User DN in the Crowd directory configuration or do we first set the new Group DN in the Crowd directory configuration and then move the groups in the Active Directory?

The most crucial thing is that we don't have to reasign the users to the groups. The information concerning which user belongs to which group has to be preserved, no matter what.

Thanks in advance!

2 answers

3 votes
fsim
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 8, 2012

Hey Yuk,

When you say move the user groups to a different location, will they still be sitting in the same Active Directory? If they are, then this should not be an issue (and if you are using an LDAP connector, the synchronization would preserve the memberships despite the new Group DN), but it's best that you do it this way:

1. Set the new Group DN in the Crowd directory configuration

2. Shutdown Crowd temporarily while you move the groups in AD

3. Start up Crowd, which will trigger a full AD sync.

Hope that helps.

Regards,

Foogie

0 votes
Andrew Serff
Contributor
September 6, 2012

We are in a simular situation. Our company has split, so we are migrating to a completely new AD forest. Is there a way to map the users within Crowd when we do this? I'm assuming we need to set up a new Directory in Crowd to authenticate to, but then all the users will look "new" when they are using the applications. It would be nice if we could map them to their old accounts somehow. Is this possible? Or are there other considerations we need to take into account when we do this migration?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events