Users from subgroups in AD are not shown when using a User Object Filter


We are using a User Object Filter in the "User Schema Settings" to limit the Users.

Users in a group jira_users are found. If a user Michael is in a group team_a and team_a is a member of jira_users, Michael is not shown in Jira. If Michael is a direct member of jira_users, he is shown in Jira.

When we look for Michael in "Users" all groups and nested group memberships are shown correctly.

We need the ability to use nested groups in the filter.


Limiting the Users by using "Additional User DN" does not limit the Users.

Is this a decision by design or an error?

4 answers

1 accepted

4 votes

Hey Christian,

We created an Improvement Request for this particular problem. You can see it here:

My suggestion is to vote on this request and add yourself as a watcher to receive future updates regarding this case. You can also add some comments there; they will reach the developers directly.

2 votes

Hello guys,


In case anyone is still facing this issue:

What happens is that Confluence does not retrieve the subtrees of the user filter you set. So, basically, Confluence is only looking for the users that are "memberOf" confluence-users, and not the ones that are memberOf subtrees within the confluence-users group.
However, Microsoft Active Directory (AD) has a specific string that you can add to your filter so that it will look at the subtrees as well. For example:


Please, refer to this official Microsoft documentation in case of any questions.


I hope it helps :)

Best regards,

Eduardo Mallmann

Thanks a lot!! This is what I have been looking for for hours!

Hi Christian,

I've run some tests locally and was able to confirm that JIRA doesn't pull in nested members of a group that is in the search filter. Basically, it only searches for the attribute memberOf in the group that is declared in the search filter.

An alternative is to include the nested groups in the User Object Filter, as in the following example:



Adding the nested groups is nice if you have a stable and limited number of groups.

If the creation of new groups is rife in your organisation then this is no solution. You wouldn't want to fix your LDAP filter on a weekly basis; this would be an administrative nightmare...
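The two approaches discussed in the answers above (listing every nested group by hand, and letting AD resolve nesting itself), as an added example that is not part of the original thread. It assumes the "specific string" is AD's LDAP_MATCHING_RULE_IN_CHAIN OID; the base filter, the example.com DNs and the function names are also assumptions.

```python
# Added example, not code from the thread or from Atlassian.
# Assumptions: BASE filter, the example.com group DNs, all function names.

# AD's LDAP_MATCHING_RULE_IN_CHAIN: the server walks the membership chain.
IN_CHAIN = "1.2.840.113556.1.4.1941"
BASE = "(objectCategory=Person)(sAMAccountName=*)"  # assumed base user filter

# RFC 4515 escapes for filter values; the backslash must be replaced first.
_ESCAPES = (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"),
            (")", r"\29"), ("\x00", r"\00"))


def escape_filter_value(value: str) -> str:
    """Escape a value (here a group DN) before placing it in an LDAP filter."""
    for raw, escaped in _ESCAPES:
        value = value.replace(raw, escaped)
    return value


def direct_filter(group_dns: list[str]) -> str:
    """Direct members only: every nested group has to be listed by hand."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    clauses = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in group_dns)
    if len(group_dns) > 1:
        clauses = f"(|{clauses})"
    return f"(&{BASE}{clauses})"


def nested_filter(group_dn: str) -> str:
    """Direct and nested members of one group, resolved by AD itself."""
    return f"(&{BASE}(memberOf:{IN_CHAIN}:={escape_filter_value(group_dn)}))"


if __name__ == "__main__":
    top = "CN=jira_users,OU=Groups,DC=example,DC=com"   # constructed DN
    sub = "CN=team_a,OU=Groups,DC=example,DC=com"       # constructed DN
    print("explicit list :", direct_filter([top, sub]))
    print("in-chain match:", nested_filter(top))
```

The in-chain rule needs the group's full distinguished name; memberOf is a DN-valued attribute, so wildcards in the group value do not match.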
