crowd with AD connector: how detect disabled users ?

hey folks,

is there a way to detect ex-employees and deactivate automatically so that there is no manual action needed?

we connect crowd to our AD through a Active Directory Connector...unfortunately it returns all records based on the used search string...so when an employee leaves the company some bits are being set on his AD record...i could filter on that one but it will remove the entire record from the results entirely. what i need is to deactivate this employee in crowd so that the "Disabled" flag gets synced to all connected applications like Jira, Confluence etc.

is this possible?

regards

2 answers

1 accepted

Support for Active Directory disabled accounts was added to Crowd 2.7 (CWD-995), so if you're using that version or higher then you should see the user get disabled in Crowd when they're marked as disabled in Active Directory.

Try to disable incremental synchronization feature and see if the changes picked up.

im on 2.7.1 ... how does that happen? ive asked some AD guys from the company and they said that on disabled accounts a specific bit is being set.

still those users ware active in crowd. what exactly must happen on AD side in order to get them disabled in crowd ?

Thank you Caspar

C

hmmm i found some setting in the directory connector

Manage User Status locally:

If ticked, you can activate and deactivate users in Crowd independent of their status in the directory server.

i see that this was ticked before...does that mean it will ignore the AD settings completely?

Yes, if "Manage User Status Locally" was ticked, then Crowd will ignore whether the user is disabled or enabled in Active Directory. You should untick that if you want to use Active Directory to manage whether a user is enabled or disabled (note that the active/disabled status in Crowd will then be overwritten with whatever is in Active Directory on the next sync).

The background is that we introduced that option to keep backwards compatibility with existing installations of Crowd (i.e. to avoid enabling users which were intentionally disabled in Crowd but enabled in Active Directory); newly created Active Directory connectors should default to using the Active Directory server to determine whether a user is active or disabled.

Use CrowdLess - a free tool that allows to sync disabled account from Active Directory to Crowd. Here is the GitHub link: https://github.com/jc1518/CrowdLess

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

1,201 views 6 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you