Merge users when UPN changes in Active Directory

We have Jira/Confluence setup to use our LDAP server as the authentication server, using the user principal name as the name attribute and the object filter

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=atlass_company,ou=company,ou=company,dc=company,dc=local))

which allows us to login to our Atlassian products using our email address and domain password.

Due to some internal shuffling in our company, we have had to change the email addresses and subsequently the user principal names of a couple of our staff members. This has caused duplicate users to be created using the new UPN and email addresses, which means that we have exceeded our licence cap as well as all of the content created by those users is tied to an obsolete account.

Is there any way for us to merge these accounts, or to delete the old accounts that are no longer used?

4 answers

Hi Ryan,

The merging of accounts as you call it is not impossible, but it requires a lot of manual manipulation of the database and can lead to unexpected results.

The safest bet is going to be to disable user accounts that are no longer used. When you disable an account, any content the user has created will still be accessible, but that user should not be counted against the license count.

If there are a large number of users, you might want to use the Confluence CLI and script the removal of the users.

Due to the fact that this is an unsupported feature, we have decided to not to attempt to edit the database. The users have been disabled and everything is working, however we lost the ties between the users who's UPN changed and the content they had created.

hi

ADManager Plus is a comprehensive web-based Microsoft Windows Active Directory Management software that simplifies User provisioning and Active Directory administration with complete security. It provides a complete set of active directory management tools to administrators for efficient management of active directory. The solution features a single console from which IT management can view and manage Active Directory users, computers, contacts, groups and generate reports for all the domains, servers or any specific domain in Active Directory environment from a central location. ADManager Plus also enables the administrator to delegate repetitive, simple, time consuming tasks to non-administrative users / helpdesk in a completely secure manner and also allows for controlled automation of Active Directory. ADManager Plus avoids manual, error prone administrative activities on Active Directory and saves time and cost. IT administrators can now perform the following list of activities on their Active Directory using ADManager Plus.

Link:http://www.manageengine.com/products/ad-manager/active-directory-management.html

Hi Ryan, we're in the same boat. Did you ever find a way to resolve the new UPN problem?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 18, 2018 in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

20,744 views 2 7
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you