
How do I migrate from cloud to server and use AD for auth without losing mind?

Dave Scassa
I'm New Here
May 24, 2018

We are using Jira cloud. We would like to migrate to Jira Server, which isn't hard, but we are failing at attempting to migrate our users' accounts.

Problem: When we add AD as the primary directory service we see either duplicate accounts created or we get a new single consolidated user account that essentially overwrites the migrated account. There are several variants of results based on configuration attributes at the directory service level. In most cases, overwrite occurs, and we lose user history.

Question: How should we 'migrate' to using AD as our primary account for authentication but still maintain the prior account and account history in Jira?

1 answer

0 votes
Craig Castle-Mead
Rising Star
May 24, 2018

1 - Change the usernames in your cloud (source) instance so they match what the username will be for that user coming from AD, then migrate to server using your current method and let Jira create the users in an internal directory (don’t connect up AD first).

 

2 - Once you’ve got the content and user objects in server (target) Jira, add a new user directory that points to your AD and change the user directory order so AD is above the internal directory. 

 

Step 1 reassociates all (most of anyway) the content from old > new username. 

Step 2 then uses AD as the authentication method for the same user. Whichever user directory is first to have the supplied username will be how it auths, and that gives the user access to anything created with that same username, even if it was done as a user in a different directory.

 

CCM
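
A pre-check for step 1, as an added example that is not part of the original answer or of any Atlassian tooling: it matches Cloud users to AD accounts by email (an assumption; the thread does not say how to match) and sorts usernames into keep, rename or review by hand. The sample data, field names and `plan_renames` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. Field names are assumptions, not a Jira or AD export format.
CLOUD_USERS = [
    {"username": "alice.cloud", "email": "alice@example.com"},
    {"username": "bjones", "email": "bob@example.com"},
    {"username": "carol", "email": "carol@example.com"},
    {"username": "ops", "email": "ops@example.com"},
    {"username": "svc", "email": "bot@example.net"},
]
AD_USERS = [
    {"sam": "asmith", "mail": "Alice@example.com"},
    {"sam": "bjones", "mail": "bob@example.com"},
    {"sam": "cwhite", "mail": "carol@example.com"},
    {"sam": "carol", "mail": "ops@example.com"},
    {"sam": "svc", "mail": "someone.else@example.com"},
]


def plan_renames(cloud_users, ad_users):
    """Split Cloud users into keep / rename / review before the import."""
    by_mail = defaultdict(list)
    for u in ad_users:
        by_mail[u["mail"].lower()].append(u["sam"].lower())
    ad_names = {u["sam"].lower() for u in ad_users}
    current = {u["username"].lower() for u in cloud_users}
    plan = {"keep": [], "rename": {}, "review": {}}
    for u in cloud_users:
        name = u["username"].lower()
        matches = by_mail.get(u["email"].lower(), [])
        if len(matches) > 1:
            plan["review"][name] = "ambiguous: several AD accounts share this email"
        elif not matches:
            # Per the answer above, the first directory holding a username decides
            # who logs in as it, so a same-named AD account is the worse case.
            plan["review"][name] = ("no email match, but username exists in AD"
                                    if name in ad_names else "no AD match")
        elif matches[0] == name:
            plan["keep"].append(name)
        elif matches[0] in current or matches[0] in plan["rename"].values():
            # Target is held by another Cloud user (flagged even if that user is
            # renamed too, because the order of renames then matters).
            plan["review"][name] = f"target '{matches[0]}' is already taken"
        else:
            plan["rename"][name] = matches[0]
    return plan


if __name__ == "__main__":
    for section, entries in plan_renames(CLOUD_USERS, AD_USERS).items():
        print(section, entries)
```

Anything under `review` should be resolved before AD is moved above the internal directory, since a username clash there decides whose login is tied to the existing history.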

jeremylomas
I'm New Here
May 25, 2018

Thanks for the quick response, Craig! I have been trying this method, but it doesn't seem to work (for any, let alone most).

I can change the username to match, but it will invariably create a new user (same user name, email address, display_name--everything, but of course different directory id).

I've been scouring the forums and documentation but can't find what I could be missing or mis-configuring...any thoughts?

Craig Castle-Mead
Rising Star
May 25, 2018

Hey Jeremy,

On the target system, if you import from your source system, the expected output is that it would create a user in the internal directory; then, when you add the AD connector, it will create another user (same username) with a different directory_id.

The Jira content is "owned" by the username though, not the userID (listen to all the DBAs scream here), so once the AD user directory is moved above the internal directory where you configure the user directories, that authentication will happen against AD.

While the second user being created in the DB may seem confusing, it's expected. What's happening in the UI itself? Can the new user log in but not see any of the history? Can the user not even log in?

CCM

jeremylomas
I'm New Here
May 25, 2018

That is correct--the user can log in with his AD credentials, but has no history--no assigned items, no groups, etc--the second account is only visible when querying the backend (PostgreSQL). In the UI, you can see the AD user that has never logged in.

Is that the expected behavior? Is there a way to then associate the AD account with the "old" user?

Thanks again for the response--it's much appreciated!
