crowd with AD connector: how detect disabled users ?

C. Faysal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 2, 2014

hey folks,

is there a way to detect ex-employees and deactivate automatically so that there is no manual action needed?

we connect crowd to our AD through a Active Directory Connector...unfortunately it returns all records based on the used search string...so when an employee leaves the company some bits are being set on his AD record...i could filter on that one but it will remove the entire record from the results entirely. what i need is to deactivate this employee in crowd so that the "Disabled" flag gets synced to all connected applications like Jira, Confluence etc.

is this possible?

regards

2 answers

1 accepted

0 votes
Answer accepted
Caspar Krieger
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 3, 2014

Support for Active Directory disabled accounts was added to Crowd 2.7 (CWD-995), so if you're using that version or higher then you should see the user get disabled in Crowd when they're marked as disabled in Active Directory.

Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2014

Try to disable incremental synchronization feature and see if the changes picked up.

C. Faysal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2014

im on 2.7.1 ... how does that happen? ive asked some AD guys from the company and they said that on disabled accounts a specific bit is being set.

still those users ware active in crowd. what exactly must happen on AD side in order to get them disabled in crowd ?

Thank you Caspar

C

C. Faysal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2014

hmmm i found some setting in the directory connector

Manage User Status locally:

If ticked, you can activate and deactivate users in Crowd independent of their status in the directory server.

i see that this was ticked before...does that mean it will ignore the AD settings completely?

Caspar Krieger
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 5, 2014

Yes, if "Manage User Status Locally" was ticked, then Crowd will ignore whether the user is disabled or enabled in Active Directory. You should untick that if you want to use Active Directory to manage whether a user is enabled or disabled (note that the active/disabled status in Crowd will then be overwritten with whatever is in Active Directory on the next sync).

The background is that we introduced that option to keep backwards compatibility with existing installations of Crowd (i.e. to avoid enabling users which were intentionally disabled in Crowd but enabled in Active Directory); newly created Active Directory connectors should default to using the Active Directory server to determine whether a user is active or disabled.

0 votes
Jackie Chen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
December 19, 2017

Use CrowdLess - a free tool that allows to sync disabled account from Active Directory to Crowd. Here is the GitHub link: https://github.com/jc1518/CrowdLess

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events