Is it possible to move users between JIRA user directories? We have an instance where we used LDAP to authenticate users using a directory for quite some time and have about 1500 users in it and a couple of key groups for authorization of global access, etc.
However, now we setup a Microsoft Active Directory setup and automatically setup new users into this new directory. But we also have groups in this new directory that are sync'd via AD management (done elsewhere).
Is there a way to "move" the user accounts from the old directory such that they are sync'ing in from the new directory? We need to do this without ruining the users issue history and activity. We just want them syncing and managed from a single directory and using the groups from this new directory for clean setup in the authorization and permissions configuration in JIRA.
Hi Boris, thanks for answering so quickly.
So the destination directory is a "Microsoft Active Directory (Read Only, with Local Groups)" and the origin directory is "JIRA Delegated Authentication Directory". The migration tool does not show the Microsoft one as an option to migrate users from the Delegated one. However, is that because I am logged into the "Delegated" directory with the user account I am using?
Also - the "Microsoft" one is setup to create users as they appear in certain sub-trees of AD and add them to an AD group that is also a JIRA group and that group is also sync'd into JIRA. Right now, we have this old directory and would just like to consolidate. But I have a feeling I have to remove the old user so that the account then "sync's" from the Microsoft one, but that would ruin the user history.
I am also looking at this perhaps or something like it to experiment on our dev server: https://confluence.atlassian.com/jirakb/migrate-local-group-memberships-between-directories-289277867.html
Overall our goal is to just move forward with users being setup in the corporate Microsoft AD environment and then automatically getting into JIRA without direct JIRA admin work for user setup.
Changing external user directories should not ruin the user history. If the user names are the same between both directories you can try setting your new directory to be with higher priority that the old one and disable the old one. JIRA will then authenticate users against the new one and if the usernames match everything will work.
Basically JIRA copies all the users from external directories into its own database in a table that has username and directory ID as well as other fields which are not relevant in this dicussion. Any other objects (like issues, issue history) reference users by username, so it really does not matter where exactly the user comes from if the username is the same.
Try my suggestions in a staging/dev server and see what happens. Again - don't be afraid of loosing the history - it wont be removed if the user directory of the user is removed - if something goes wrong just bring back the user directory and sync it and the history will be fine.
If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot