Moving users between user directories in JIRA

Is it possible to move users between JIRA user directories? We have an instance where we used LDAP to authenticate users using a directory for quite some time and have about 1500 users in it and a couple of key groups for authorization of global access, etc.


However, now we setup a Microsoft Active Directory setup and automatically setup new users into this new directory. But we also have groups in this new directory that are sync'd via AD management (done elsewhere). 


Is there a way to "move" the user accounts from the old directory such that they are sync'ing in from the new directory? We need to do this without ruining the users issue history and activity. We just want them syncing and managed from a single directory and using the groups from this new directory for clean setup in the authorization and permissions configuration in JIRA.

2 answers

Are all the usernames and group names the same or you've changed something ?

Hi Boris, thanks for answering so quickly.

So the destination directory is a "Microsoft Active Directory (Read Only, with Local Groups)" and the origin directory is "JIRA Delegated Authentication Directory". The migration tool does not show the Microsoft one as an option to migrate users from the Delegated one. However, is that because I am logged into the "Delegated" directory with the user account I am using?

Also - the "Microsoft" one is setup to create users as they appear in certain sub-trees of AD and add them to an AD group that is also a JIRA group and that group is also sync'd into JIRA. Right now, we have this old directory and would just like to consolidate. But I have a feeling I have to remove the old user so that the account then "sync's" from the Microsoft one, but that would ruin the user history.

I am also looking at this perhaps  or something like it to experiment on our dev server: 


Overall our goal is to just move forward with users being setup in the corporate Microsoft AD environment and then automatically getting into JIRA without direct JIRA admin work for user setup.

Changing external user directories should not ruin the user history. If the user names are the same between both directories you can try setting your new directory to be with higher priority that the old one and disable the old one. JIRA will then authenticate users against the new one and if the usernames match everything will work. 

Basically JIRA copies all the users from external directories into its own database in a table that has username and directory ID as well as other fields which are not relevant in this dicussion. Any other objects (like issues, issue history) reference users by username, so it really does not matter where exactly the user comes from if the username is the same.

Try my suggestions in a staging/dev server and see what happens. Again - don't be afraid of loosing the history - it wont be removed if the user directory of the user is removed - if something goes wrong just bring back the user directory and sync it and the history will be fine.

Also log-in with a user from the internal directory before exploring the available user directory options/operations as JIRA would not allow you change the user directory against your user was authenticated.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 09, 2018 in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

250 views 6 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you