It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Grant all AD users to submit a ticket via email

Hello everyone,

First of all let me provide some details about my setup:
- Jira Service Desk V 3.9.1
- Dedicated Server (no cloud hosting)
- Active Directory queried via LDAP on Win Server 2012 R2
- Service Desk Starter license (3 agents)
- If I missed something please ask ;)

I have an issue with granting all Active Directory users the right to submit a ticket via email automatically when they are created without manually adding them to another user group that the Default Domain Group. The group itself is syncing and appears under Users Administration, but the group remains empty.

I already tried the following without success:

- Created an AD grop "servicedeskusers" and added the member "Default Domain Users"
- Connected Service Desk to LDAP following these steps Connecting to an LDAP directory setting a default group "sd-users" and the "Update group membership on login" property to "Everytime, user is logging in". This resulted in creating the group but membership isn't updated (the user was not added to the group)

I am aware that there's an issue with JIRA and primary groups as I have found here (JRASERVER-29187) and here (CONFSERVER-6729), which relate to Confluence but seem to be similar. Although the suggested workaround dosen't work for me (or I do silly mistakes while configuring ;)

Any suggestions or howtos are appreciated.


2 answers

0 votes

Hi Andreas,

  • Are you using CROWD?

There is a good knowledge base article titled Groups and Users maintained in Microsoft Windows Active Directory are not properly being added to JIRA that may assist you and it provides three primary reasons for this behavior:

  1. There are Group names that contain special characters such as & (Ampersand), _ (Underscore), Umlaut such as å/Å, ä/Ä and ö/Ö in the AD
  2. Membership in Active Directory seems to be missing for some groups. Usually the "member" attribute is used for this.
  3. Duplication of groups in JIRA internal directory and Active Directory

In addition, Troubleshooting LDAP User Management provides the following as a possibility:

The Membership Schema Settings may be incorrect.

  • If this applies to only one user, it is likely the user details are incorrect.
  • If it applies to multiple, it is likely the JIRA Software configuration is incorrect.

Verify by browsing with Directory Studio (check with a sample user) and ensure the following attributes are correct within the Membership Schema Settings in JIRA Software:

  • Group Members Attribute 
  • User Membership Attribute

Please review the above reasons and take a look at the knowledge base article I linked above.  If that does resolve your issue with AD let us know.  If not, we may need to turn up debug logging and attempt a sync and see what the logs say.



Hi Branden,

thanks for your reply.

At first let me state that despite of owning the license a time ago I'm pretty new to JIRA and its configuration as well as I'm German speaking and I hope my English explanation is suitable. So I would appreciate your patience ;)

I don't use CROWD. I was not aware of this product.

You are right. My German localisation of Acive Directory consists of "Umlaute" as "Default Domain Users" is translated as "Domänen-Benutzer" in German. But I doubt that this could be a reason as "Domänen-Admins" (Domain admins) group show up all members as expected.

I have tried your suggestion "Troubleshooting LDAP User Management" in conjunction with using the Apache Directory Studio. It seems all fine and I can browse the directory as expected except the "MemberOf" Attribute doesn't show the actual members or groupe memebers. E.g. "Benutzer" (Users) show up but doesn't contain the designated members (all of them, not a only one user). Perhaps the DN is CN=Builtin, DC=example, DC=com which is to add at "Preferences for Group Schema"?

For a sample user called Demo it seems that there doesn't exist an attribute "Member" or "MemberOf" using Apache Directory Studio while Active Directory shows "Default Domain Users" as primary and only group.

If the provided information isn't able to clarify the issue any further please provide steps how to enable debug logging as suggested.


Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira Service Desk

Tell us how you've implemented Change Management

Hello Community 👋, I'm a product manager at Atlassian, looking at improving change management capabilities across our products. In particular, we're looking at bridging the gap between Dev & ...

1,746 views 10 17
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you