Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Can I sync multiple Active Directory Groups

Deleted user August 8, 2019

I’d like to be able to import groups from a specific Active Directory OU, and filter by a set prefix on the group name.  For each group that is found in AD, I’d like that group to be created in Jira (if it doesn’t already exist) and sync every user in that group.  If the user doesn’t exist in Jira, I want them added to base jira-user, as well as the group that it resides in, in AD. 
Is this possible using a User Directory connection?

Example:

AD GroupMembers
JIRA TEST 1Bob
Carol
Ted
JIRA TEST 2Alice
Flo
Mel
Sample 1Vera
Lynn

 

Group JIRA TEST 1 already exists in the JIRA internal directory.  If Bob, Carol or Ted aren't already in the internal group, I'd like them added.
Group JIRA TEST 2 doesn't exist in JIRA.  I'd like the group created in Jira (with the same name), and Alice, Flo and Mel put in that group.  Mel wasn't already in Jira, so I'd like him to be added to jira-users as well as JIRA TEST 2.
Group Sample 1 is left alone because it doesn't match my filter.

Answer
Watch
Like Nayeemuddin Khan likes this
3327 views

2 answers

3 votes
Deleted user August 27, 2019

Hi Brant,

Thanks for the reply.  I've tried adding the connector option, but I need to create a filter.  I don't have control over where the groups are being added in Active Directory, and there are hundreds of groups in there that I don't want.  I'm trying to filter based on a naming convention, but I can't get the filter to work.

The Group Object filter I'm using is similar to this: (&(objectClass=group)(cn=SAMPLE NAME PREFIX*))
This was based on a suggestion I saw in another help thread.

View More Comments
Cathrine Chanslor
Cathrine Chanslor
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 15, 2021

Hey Steve,

I know it has been quite some time since you posted this question. I am looking at a very similar situation and have been unsuccessful in finding a solution. 

Did you find a solution to this?

Thanks! 

Cathi

Like
Deleted user October 18, 2021

Hi Cathrine,

I'm using Jira version 8.5.17 and the LDAP options for the User Directory is better than the version I was on when I posted the question. 

I still don't have exactly what I was asking for, but I'm close.  I had to work with both Atlassian (via a service ticket) and my corporate Active Directory team to get to where I am.  Our AD is very complicated, but with the right filters, I have a limited number of groups syncing.  If a new user signs in, an account is created and their groups will sync.  

This option is "read only, with local groups".
Synchronizing data from external directories | Administering Jira applications Data Center and Server 8.5 | Atlassian Documentation

Like
Raimund Haag
Raimund Haag
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 6, 2022

Hello Steve,

I have the same requirement as you. I want to read groups form our AD with wildcard in the group name. Each group should be created in Jira if not already there and the group should contain the group members as in our AD. Is it possible for you to share you LDAP string so that we can see how it works.

Thanks,

Raimund 

Like
Reply
0 votes
Brant Schroeder
Brant Schroeder
Community Champion
August 8, 2019

Steve,

  You can sync multiple directories by properly configuring your base and group DN.  The active directory user directory will sit above the local user directory and will take priority.  You will need to put the jira-users group in the default group membership.  or if you do not plan on changing the groups that often you can add the ad group to application access to get the users access.

Atlassian's documentation on this can be found here: https://confluence.atlassian.com/adminjiraserver/connecting-to-an-ldap-directory-938847052.html

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.