Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Crowd: Migrating from Crowd internal directory to Microsoft Active Directory


We have been using Crowd with an internal directory of users for SSO between JIRA, Confluence, Stash and Bamboo for the last few years.

We are now migrating over to using Microsoft Active Directory as our primary directory on Crowd. I have set up a stage environment to test, and have successfully created a new Microsoft Active Directory directory and imported all the relevant user and groups.

However the problem is that everyone will get new account for our applications as this is a new directory. Is it possible to either disable all the accounts in our old Crowd Internal Directory and link them to the new account in the Microsoft Active Directory? Or to merge the directory/accounts?

The end goal is that people who previously had an account in the Crowd internal directory would still be able to see all thier previous history/issues in JIRA/Confluence etc when we migrate over to the MS Active Directory.

Thanks in advance.



1 answer

1 accepted

As long as the user name matches, you can just put the AD user directory on top of the internal user directory and everything should work fine.

Keep an eye on the permissions as the user groups will have to be either created in AD or aggregated from both directories.

Thanks - I didn't think it would be that simple! The usernames where slightly different between the directories - I have to manually re-name the users in the old directory, and sync all the apps with crowd before adding the AD user directory, to preserve the users' history.

Like Kyle Rosier likes this

Well, I must be doing something wrong them as I end up with a new user. Seems t hapen to a user that had a user name that did NOT match what was in AD. I tried renaming the user prior to importing from Crowd directory. But it didn't seem to help sad 

@Jobin Kuruvilla _Adaptavist_ could you please clarify where you're prioritizing the user directories? In Crowd you create an application and then add directories to the application. You can order the directories there, within Crowd, to prioritize them.

Then on the application side (i.e. JIRA) you add a user directory from Crowd, which is the "application" on the Crowd side. Here you can also order the directories to prioritize them.

I'm currently trying to figure out how to achieve the same thing that Ben was originally asking about. Do I setup my AD directory as a separate "application" in Crowd, and then add my internal Crowd and AD directories as separate User Directories in JIRA? Or do I add both directories to the same "application" in Crowd, and add that single entity as a User Directory to JIRA?

I figured out that the directory prioritization occurs within the 'Application' in Crowd. You don't need to add a new user directory on the application side, or even edit the existing Crowd user directory configuration on that end.

  1. Add the Active Directory (AD) user directory to Crowd.
  2. Create groups for the new directory and add users to those groups as necessary.
  3. Update the username of any users in other directory(s) to match the username to merge with in the new AD directory.
  4. Sync application (i.e. Jira) with Crowd to get username changes.
  5. Add the AD user directory to the application in Crowd, ordering it above the directory(s) of exiting users that will be "merged".
  6. Assign groups that can authenticate to the application for the AD user directory (or assign all via checkbox option).
  7. Sync application (i.e. Jira) with Crowd to get the new groups. Assign new groups as necessary per application (i.e. for Jira, use the Application Access administration page).

@Kyle Rosier Thanks for the detail walkthrough, I have a question:

In step2, can I bulk add users to the group? I've tried import from CSV but I can not only import group membership file plus I have no permission to edit external AD.

I haven't used the CSV import functionality. When I added the AD user directory to Crowd, it pulled in all the users that way. I then created groups in Crowd (configured to not write back to AD) and added AD users (in Crowd) to those groups. I believe at that point I was able to add one or many users at a time to a group.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

An update on Confluence Cloud customer feedback – June 2022

Hi everyone, We’re always looking at how to improve Confluence and customer feedback plays an important role in making sure we're investing in the areas that will bring the most value to the most c...

31 views 0 1
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you