Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,459,377
Community Members
 
Community Events
176
Community Groups

Crowd: Migrating from Crowd internal directory to Microsoft Active Directory

Hi,

We have been using Crowd with an internal directory of users for SSO between JIRA, Confluence, Stash and Bamboo for the last few years.

We are now migrating over to using Microsoft Active Directory as our primary directory on Crowd. I have set up a stage environment to test, and have successfully created a new Microsoft Active Directory directory and imported all the relevant user and groups.

However the problem is that everyone will get new account for our applications as this is a new directory. Is it possible to either disable all the accounts in our old Crowd Internal Directory and link them to the new account in the Microsoft Active Directory? Or to merge the directory/accounts?

The end goal is that people who previously had an account in the Crowd internal directory would still be able to see all thier previous history/issues in JIRA/Confluence etc when we migrate over to the MS Active Directory.

Thanks in advance.

Ben

 

1 answer

1 accepted

1 vote
Answer accepted

As long as the user name matches, you can just put the AD user directory on top of the internal user directory and everything should work fine.

Keep an eye on the permissions as the user groups will have to be either created in AD or aggregated from both directories.

Thanks - I didn't think it would be that simple! The usernames where slightly different between the directories - I have to manually re-name the users in the old directory, and sync all the apps with crowd before adding the AD user directory, to preserve the users' history.

Like Kyle Rosier likes this

Well, I must be doing something wrong them as I end up with a new user. Seems t hapen to a user that had a user name that did NOT match what was in AD. I tried renaming the user prior to importing from Crowd directory. But it didn't seem to help sad 

@Jobin Kuruvilla [Adaptavist] could you please clarify where you're prioritizing the user directories? In Crowd you create an application and then add directories to the application. You can order the directories there, within Crowd, to prioritize them.

Then on the application side (i.e. JIRA) you add a user directory from Crowd, which is the "application" on the Crowd side. Here you can also order the directories to prioritize them.

I'm currently trying to figure out how to achieve the same thing that Ben was originally asking about. Do I setup my AD directory as a separate "application" in Crowd, and then add my internal Crowd and AD directories as separate User Directories in JIRA? Or do I add both directories to the same "application" in Crowd, and add that single entity as a User Directory to JIRA?

I figured out that the directory prioritization occurs within the 'Application' in Crowd. You don't need to add a new user directory on the application side, or even edit the existing Crowd user directory configuration on that end.

  1. Add the Active Directory (AD) user directory to Crowd.
  2. Create groups for the new directory and add users to those groups as necessary.
  3. Update the username of any users in other directory(s) to match the username to merge with in the new AD directory.
  4. Sync application (i.e. Jira) with Crowd to get username changes.
  5. Add the AD user directory to the application in Crowd, ordering it above the directory(s) of exiting users that will be "merged".
  6. Assign groups that can authenticate to the application for the AD user directory (or assign all via checkbox option).
  7. Sync application (i.e. Jira) with Crowd to get the new groups. Assign new groups as necessary per application (i.e. for Jira, use the Application Access administration page).

@Kyle Rosier Thanks for the detail walkthrough, I have a question:

In step2, can I bulk add users to the group? I've tried import from CSV but I can not only import group membership file plus I have no permission to edit external AD.

I haven't used the CSV import functionality. When I added the AD user directory to Crowd, it pulled in all the users that way. I then created groups in Crowd (configured to not write back to AD) and added AD users (in Crowd) to those groups. I believe at that point I was able to add one or many users at a time to a group.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events