Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Moving users between user directories in JIRA

Dolby Enterprise Apps
Dolby Enterprise Apps March 2, 2016

Is it possible to move users between JIRA user directories? We have an instance where we used LDAP to authenticate users using a directory for quite some time and have about 1500 users in it and a couple of key groups for authorization of global access, etc.

 

However, now we setup a Microsoft Active Directory setup and automatically setup new users into this new directory. But we also have groups in this new directory that are sync'd via AD management (done elsewhere). 

 

Is there a way to "move" the user accounts from the old directory such that they are sync'ing in from the new directory? We need to do this without ruining the users issue history and activity. We just want them syncing and managed from a single directory and using the groups from this new directory for clean setup in the authorization and permissions configuration in JIRA.

Answer
Watch
Like Be the first to like this
2044 views

2 answers

0 votes
Boris Georgiev [Appfire]
Boris Georgiev [Appfire]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 2, 2016

Have you checked this  guide ? https://confluence.atlassian.com/jira/migrating-users-between-user-directories-426116517.html

 

View More Comments
Dolby Enterprise Apps
Dolby Enterprise Apps March 2, 2016

Hi Boris, thanks for answering so quickly.

So the destination directory is a "Microsoft Active Directory (Read Only, with Local Groups)" and the origin directory is "JIRA Delegated Authentication Directory". The migration tool does not show the Microsoft one as an option to migrate users from the Delegated one. However, is that because I am logged into the "Delegated" directory with the user account I am using?

Also - the "Microsoft" one is setup to create users as they appear in certain sub-trees of AD and add them to an AD group that is also a JIRA group and that group is also sync'd into JIRA. Right now, we have this old directory and would just like to consolidate. But I have a feeling I have to remove the old user so that the account then "sync's" from the Microsoft one, but that would ruin the user history.

I am also looking at this perhaps  or something like it to experiment on our dev server: https://confluence.atlassian.com/jirakb/migrate-local-group-memberships-between-directories-289277867.html 

 

Overall our goal is to just move forward with users being setup in the corporate Microsoft AD environment and then automatically getting into JIRA without direct JIRA admin work for user setup.

Like
Boris Georgiev [Appfire]
Boris Georgiev [Appfire]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 2, 2016

Changing external user directories should not ruin the user history. If the user names are the same between both directories you can try setting your new directory to be with higher priority that the old one and disable the old one. JIRA will then authenticate users against the new one and if the usernames match everything will work. 

Basically JIRA copies all the users from external directories into its own database in a table that has username and directory ID as well as other fields which are not relevant in this dicussion. Any other objects (like issues, issue history) reference users by username, so it really does not matter where exactly the user comes from if the username is the same.

Try my suggestions in a staging/dev server and see what happens. Again - don't be afraid of loosing the history - it wont be removed if the user directory of the user is removed - if something goes wrong just bring back the user directory and sync it and the history will be fine.

Like
Boris Georgiev [Appfire]
Boris Georgiev [Appfire]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 2, 2016

Also log-in with a user from the internal directory before exploring the available user directory options/operations as JIRA would not allow you change the user directory against your user was authenticated.

Like
Reply
0 votes
Boris Georgiev [Appfire]
Boris Georgiev [Appfire]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 2, 2016

Are all the usernames and group names the same or you've changed something ?

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.