Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,477
Community Members
 
Community Events
165
Community Groups

crowd with AD connector: how detect disabled users ?

hey folks,

is there a way to detect ex-employees and deactivate automatically so that there is no manual action needed?

we connect crowd to our AD through a Active Directory Connector...unfortunately it returns all records based on the used search string...so when an employee leaves the company some bits are being set on his AD record...i could filter on that one but it will remove the entire record from the results entirely. what i need is to deactivate this employee in crowd so that the "Disabled" flag gets synced to all connected applications like Jira, Confluence etc.

is this possible?

regards

2 answers

1 accepted

0 votes
Answer accepted

Support for Active Directory disabled accounts was added to Crowd 2.7 (CWD-995), so if you're using that version or higher then you should see the user get disabled in Crowd when they're marked as disabled in Active Directory.

Try to disable incremental synchronization feature and see if the changes picked up.

im on 2.7.1 ... how does that happen? ive asked some AD guys from the company and they said that on disabled accounts a specific bit is being set.

still those users ware active in crowd. what exactly must happen on AD side in order to get them disabled in crowd ?

Thank you Caspar

C

hmmm i found some setting in the directory connector

Manage User Status locally:

If ticked, you can activate and deactivate users in Crowd independent of their status in the directory server.

i see that this was ticked before...does that mean it will ignore the AD settings completely?

Yes, if "Manage User Status Locally" was ticked, then Crowd will ignore whether the user is disabled or enabled in Active Directory. You should untick that if you want to use Active Directory to manage whether a user is enabled or disabled (note that the active/disabled status in Crowd will then be overwritten with whatever is in Active Directory on the next sync).

The background is that we introduced that option to keep backwards compatibility with existing installations of Crowd (i.e. to avoid enabling users which were intentionally disabled in Crowd but enabled in Active Directory); newly created Active Directory connectors should default to using the Active Directory server to determine whether a user is active or disabled.

Use CrowdLess - a free tool that allows to sync disabled account from Active Directory to Crowd. Here is the GitHub link: https://github.com/jc1518/CrowdLess

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

320 views 0 10
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you