Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,293,416
Community Members
 
Community Events
165
Community Groups

Jira AD sync issue

Hi Team, 

In our case, we create a user object in AD and give permission to the Jira group. This used work in past now what has been observed is when we create an AD object and assignee an AD group (Jira) in AD, the user gets created in Jira internal directory but it does not get the Jira application permission which in past used to get automatically. The checkbox of Jira Application is unchecked now which was checked by default when a new user was created and assigned to Jira group in AD. I am unable to find what is going wrong were.   

1 answer

0 votes
Brant Schroeder Community Leader May 02, 2019

It could be one of two issues:

  1. You changed your Jira user directory settings.  For the AD (LDAP) directory there is a setting to add user groups automatically.  You can set this up so it automatically applies the group you are using to provide a Jira license, jira-core-users for example.  You can learn more here: https://confluence.atlassian.com/adminjiraserver/connecting-to-an-ldap-directory-938847052.html?_ga=2.32066234.528327540.1556810616-1785046573.1549295491#ConnectingtoanLDAPdirectory-Groupschemasettings%C2%A0
  2. You changed what groups are able to access Jira. In Jira instances where I am connected to AD then usually I tie a certain AD group to users to manage licensing.  That group is provided access in Jira by managing group access to applications.  If you remove the group then individuals would loose access.  Learn more here: https://confluence.atlassian.com/adminjiraserver/manage-group-access-to-applications-938847042.html

@Brant Schroeder , I have in same situation but in fact I think the explaination that user try to explain is same as in my case.$

I have an Azure AD synchromisation process wihich is done every 15mn, then all AD groups and users gets associate to this AD Directory which is set as READ ONLY.

What is happening in my case, is that when a user is created in Azure AD and associated to a group, when the AD sync occurs in Jira, it add correctly the new user and linked it to AD Directory BUT in addition it is added that same user as a phantom user in Jira Internal directory

This was not occuring before until we update our jira to 8.20 Data Center version

Why and how this user van be created in Internal Jira directory ?

It should not be added there unless Atlassian change the process and all user gets added to both ? which will be really stupid

Thnanks for your point of view

regarsd

Brant Schroeder Community Leader May 11, 2022

@Calderara Serge I am not aware of any changes.  If this is happening it might be do to a setting in AD that is now considered in the sync that was not before.  I would reach out to Atlassian support.  They will be able to see your full configuration in the support zip and should be able to tell from that why the phantom user is occurring.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Software

Upcoming changes to epic fields in company-managed projects

👋 Hi there Jira Community! A few months ago we shared with you plans around renaming epics in your company-managed projects. As part of these changes, we highlighted upcoming changes to epics on...

14,103 views 34 44
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you