Crowd shows inactive users from Active Directory as active

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Users in an Active Directory have been marked as inactive, but even after a successful sync, they still show up as 'active' in Crowd

Diagnosis

Environment

  • Crowd integrated with an Active Directory instance, as a 'Connector' (non Delegated) directory.

Diagnostic Steps

  • Generate an LDIF from your Active Directory instance

  • Check which field in Active Directory is being used to mark the user as 'inactive' vs 'active'.

Cause

Crowd bases the active/inactive flag upon the UserAccountControl field. It is possible that you may be using a different field to set the status of users. This field is not currently customizable in Crowd, though there is a feature request for it.

Solution

Workaround

  • Manually set users as 'inactive' in Crowd

Resolution

  • Ask your Active Directory team to begin using the UserAccountControl field.

Updated on April 2, 2025
Platform
Data Center only
Product
Crowd Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community