Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,274
Community Members
 
Community Events
165
Community Groups

Crowd: migrate Active Directory to new usernames

Hello,

we currently use Crowd to manage users that come from various directories, both internal crowd directories and external LDAP.

Now we have to move our main active directory to a new active directory, sadly with new usernames.

Would anyone have any suggestion on what's the best way to do such a migration?
Obviously all the content and history in the connected Jira and Confluence instances should be retained. At best our users shouldn't even notice the change, besides the new username.

Greetings,
Michael

2 answers

0 votes
Mirek Community Leader Jul 15, 2019

That sounds very promising, so aliases would allow our users to still use their old usernames and retain all their data. This would be a good workaround for the meantime.

But from my understanding of the documentation this only adds an additional username that can be used for login and does not change any associated data, therefore not really "migrating" data to the new users, correct?

I would much prefer to cleanly move over all the data to the new usernames.

Mirek Community Leader Jul 16, 2019

Then you might try simply changing username on old Active Directory (to the new one) then migrate to new Active Directory.  

As a possible solution to my own problem I found the following approach:

  • import all old users from the active directory into an internal crowd directory
  • remove the old active directory
  • rename the old users to the new usernames
  • add the new active directory
  • remove the internal crowd directory

(probably do some synchronizations between these steps so that Jira and Confluence know of the new users)

Would this actually work and retain all the data?

@Michael Bachmanndid that work for you?

Yes it did work in the end although it certainly was a hassle.
The synchronizations to Jira and Confluence inbetween these steps are the key to make it work and have to be in a very specific order and it's also better do disable periodic synchronizations in the meantime.

I also have to give a fair warning on this approach!
Only later we have found some users (~2-3 out of 140) where the "user id" (NOT the "user key") was the mail address instead of the generic "JIRAUSER123". I'm not entirely sure how that came to be.
This does create some issues when using various APIs to integrate Jira/Confluence with other applications.

You should definitely test this several times in a test environment and check all the data.

So if i recall correctly (I hope) my final approach was as follows:

  • import all old users from the active directory into an internal crowd directory (using a .csv file)
  • remove the old active directory
  • synchronize to Jira/Confluence and check if everything still works!
  • rename the old users to the new usernames in the internal crowd directory
  • synchronize to Jira/Confluence and check if everything still works!
  • add the new active directory
  • remove the internal crowd directory
  • synchronize to Jira/Confluence and check if everything still works!

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

314 views 0 9
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you