Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,365,129
Community Members
 
Community Events
168
Community Groups

Changing the DN for groups of a Crowd MS AD directory: How to proceed?

We use Crowd with an MS AD (LDAP connector) directory. Until now we had the users and user groups in the same location in our AD. For various reasons we now want to move the user groups to a different location. We do not want to create a new directory in Crowd however. If at all possible, we'd like to just reconfigure the one we use now. Do we have to expect any problems? How do we proceed?

Do we first move the groups within the Active Directory and then set the User DN in the Crowd directory configuration or do we first set the new Group DN in the Crowd directory configuration and then move the groups in the Active Directory?

The most crucial thing is that we don't have to reasign the users to the groups. The information concerning which user belongs to which group has to be preserved, no matter what.

Thanks in advance!

2 answers

3 votes
fsim Rising Star Apr 08, 2012

Hey Yuk,

When you say move the user groups to a different location, will they still be sitting in the same Active Directory? If they are, then this should not be an issue (and if you are using an LDAP connector, the synchronization would preserve the memberships despite the new Group DN), but it's best that you do it this way:

1. Set the new Group DN in the Crowd directory configuration

2. Shutdown Crowd temporarily while you move the groups in AD

3. Start up Crowd, which will trigger a full AD sync.

Hope that helps.

Regards,

Foogie

We are in a simular situation. Our company has split, so we are migrating to a completely new AD forest. Is there a way to map the users within Crowd when we do this? I'm assuming we need to set up a new Directory in Crowd to authenticate to, but then all the users will look "new" when they are using the applications. It would be nice if we could map them to their old accounts somehow. Is this possible? Or are there other considerations we need to take into account when we do this migration?

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events