Active Directory synchronization does not seem to remove all users.

Riksbyggen Infra March 24, 2021

We changed the ldap filter on our Jira instance to reduce the number of users that can login. However only about half of the users I would have expected to disappear did so. Allthough users who do not match the ldap filter cannot login. So two questions really.

1) Why did not the expect number of users disappear

2) Will Atlassian consider those users as "active" for licensing purposes, even though thay cnnot login.

2 answers

0 votes
Andreas Lorz March 25, 2021

Hi @Riksbyggen Infra ,

Regarding 1) In my experience this depends on what the user 'left behind' in Jira. Let me first explain how I understood jira in this situation. Jira keep it's own internal directory where users will be created and syncnt with the AD / LDAP connection. When users disapear from the AD jira will notice but have two different behaviours.

First. When users have never logged in into jira and have no issues assigned and so on. Then this user will also be removed from the internal directory.

Second option. The user (from time he/she had access) created issues, filter, boards. Made comments and so, then this user will not be removed from the internal directory. This is because jira need this entry. However, jira will mark that users with an [x] behind the displayed name - make it "inaktiv"

This is how I understood it. Maybe some from atlassian-Team can further clarify.

Riksbyggen Infra March 25, 2021

That does indeed appear to be the case. tyvm!

Like Andreas Lorz likes this
0 votes
Laurens Coppens
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 24, 2021

Hi and welcome to the atlassian community,

 

1) Do the users you expected to disappear still have the AD listed next to their user in the column directory? If yes, and you are sure that they had to be removed, you can try to restart the server, this will clear the user cache.

2) Every user that is listed active in jira and who is a member of the groups that have application access, will be counted for your licensing, even when AD does not allow a login, if they are active, they count.

To check which groups are counted, you can check "application access" in jira administration.

 

Hope this helps,

Laurens

Suggest an answer

Log in or Sign up to answer