Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Issues with AD user not syncing after email change

Chase Gonzales
Chase Gonzales November 1, 2022

User requested an email username change to reflect the name they go by, not their first name. User was in Confluence 7.13.7 prior to the email username change. Once the change happened with AD, the user was moved to "Unsynced from Directory". The user had never logged into Confluence so the unsynced user was deleted as part of troubleshooting the issue. Now after the AD sync, the user with old or new email username is not in the list of users. I have confirm the user has the correct roles, removed the roles from the user and added them back with no success. We are using OKTA for SSO and can see successful login attempts in the OKTA logs. Wondering if anyone has run into this issue or has any idea how to bring the user in to Confluence through the associated AD. If user attempts to log directly into Confluence and not through SAML, they receive a username and/or password are incorrect error.

Answer
Watch
Like Be the first to like this
1361 views

1 answer

0 votes
Benjamin
Benjamin
Community Champion
November 1, 2022

Hi @Chase Gonzales ,

 

OKta and SSO is probably not an issue. User definitely shouldn't be able to login directly as you mention earlier is that the user is not on the list and wasn't sync.

 

Changing the username will be an issue as that is the key identifier. The user profile e-mail field can be change since its an attribute. In order to change username, you must match up the config on Jira and LDAP(of whichever you are using for your AD).

 

https://confluence.atlassian.com/jirakb/modifying-ldap-username-or-samaccountname-creates-a-new-user-account-in-jira-server-826875550.html

 

-Ben

View More Comments
Chase Gonzales
Chase Gonzales November 2, 2022

Hello Ben,

We are using Confluence, not Jira if that makes a difference. The issue we are having is the user is no longer being created/sync'd. I have confirmed the User Unique ID Attribute value. The user was deleted from the "Unsynced from Directory" list of users. Could the attribute be stored somewhere not allowing the user to resync?

Like
Benjamin
Benjamin
Community Champion
November 2, 2022

HI @Chase Gonzales ,

 

No difference between the two in terms of AD syncing. Is the any new user being created? Want to make sure its still isolated at this point.

It may be stored in the DB. Try viewing the logs while sync the directory and see it there's any warnings or errors, it might gives some hints about conflicts.

Here's an article about Syncing issues when a user is deleted:

 

https://confluence.atlassian.com/jirakb/deleted-user-from-active-directory-is-not-synchronised-in-jira-service-management-application-1081352476.html

 

It may not be the exact situation but it may lead you to some options and ideas.

 

-Ben

Like
Chase Gonzales
Chase Gonzales November 3, 2022

Hello Ben,

 

We have confirmed that new users are being imported and changes to users are being sync'd. The only reference I can find for her account so far is under cwd_tombstone. Would this prevent the user from being re-imported?

Like
Benjamin
Benjamin
Community Champion
November 3, 2022

Hi @Chase Gonzales ,

 

Good Find. That would probably be it based on confluence data model:

 

https://confluence.atlassian.com/conf719/confluence-data-model-1157467603.html

According to the documentation for the cwd_tombstone table:

Records removed users, groups, memberships and aliases during incremental synchronization for external user directories.

Maybe worth to do a full resync before trying to remove the entry from the table.

 

-Ben

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.