Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Crowd
Questions
crowd with AD connector: how detect disabled users ?

crowd with AD connector: how detect disabled users ?

hey folks,

is there a way to detect ex-employees and deactivate automatically so that there is no manual action needed?

we connect crowd to our AD through a Active Directory Connector...unfortunately it returns all records based on the used search string...so when an employee leaves the company some bits are being set on his AD record...i could filter on that one but it will remove the entire record from the results entirely. what i need is to deactivate this employee in crowd so that the "Disabled" flag gets synced to all connected applications like Jira, Confluence etc.

is this possible?

regards

2 answers

1 accepted

0 votes

Answer accepted

Support for Active Directory disabled accounts was added to Crowd 2.7 (CWD-995), so if you're using that version or higher then you should see the user get disabled in Crowd when they're marked as disabled in Active Directory.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Try to disable incremental synchronization feature and see if the changes picked up.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

im on 2.7.1 ... how does that happen? ive asked some AD guys from the company and they said that on disabled accounts a specific bit is being set.

still those users ware active in crowd. what exactly must happen on AD side in order to get them disabled in crowd ?

Thank you Caspar

C

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

hmmm i found some setting in the directory connector

Manage User Status locally:

If ticked, you can activate and deactivate users in Crowd independent of their status in the directory server.

i see that this was ticked before...does that mean it will ignore the AD settings completely?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Yes, if "Manage User Status Locally" was ticked, then Crowd will ignore whether the user is disabled or enabled in Active Directory. You should untick that if you want to use Active Directory to manage whether a user is enabled or disabled (note that the active/disabled status in Crowd will then be overwritten with whatever is in Active Directory on the next sync).

The background is that we introduced that option to keep backwards compatibility with existing installations of Crowd (i.e. to avoid enabling users which were intentionally disabled in Crowd but enabled in Active Directory); newly created Active Directory connectors should default to using the Active Directory server to determine whether a user is active or disabled.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

0 votes

Use CrowdLess - a free tool that allows to sync disabled account from Active Directory to Crowd. Here is the GitHub link: https://github.com/jc1518/CrowdLess

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS