Export Azure Active Directory Users & Groups and Import into Crowd
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This How-To Guide has been written as a workaround for this bug: CWD-5192 - Azure AD synchronisation remove membership
This guide shows a Crowd administrator how to export users and groups from Azure Active Directory and import that data into Atlassian's Crowd identity management software. Once the import is done, users can log on without using Azure Active Directory for authentication, because they will be defined locally in Crowd.
Solution
Export of Users & Groups from Azure Active Directory
Save the following code as ExportOffice365UsersAndGroups.ps1: (Thanks to Cleito for this script!)
```powershell
# ODCC options
# See https://www.cleito.com/products/odcc/documentation for more details

# odcc.remove.domain.in.username
# e.g. $false
$odccRemoveDomainInUserName=$true

# odcc.fetch.users.from.groups
# e.g. @("Paris_Users","London_Users")
$odccFetchUsersFromGroups=@()

# odcc.limit.groups
# e.g. @("jira-software-users","confluence-users")
$odccLimitGroups=@()

# Functions

# Returns the user members of the named groups, or every user when no group is given
Function get-users-from-groups($groupNameList=@()){
    $userList=@()
    if ($groupNameList.count -gt 0){
        foreach($groupName in $groupNameList){
            $group=Get-AzureADGroup -Filter "displayName eq '$groupName'"
            # -All $true: without it only the first page of members is returned
            $groupMembers=Get-AzureADGroupMember -All $true -ObjectId $group.objectId | Where-Object {$_.objectType -eq 'User'}
            foreach($user in $groupMembers){
                if ($userList -notcontains $user){
                    $userList += $user
                }
            }
        }
    }else{
        $userList=Get-AzureADUser -All $true
    }
    return $userList
}

# Builds one row per user for users_file.csv, including a generated password
Function fetch-users {
    $UserResults=@()
    $userList=get-users-from-groups($odccFetchUsersFromGroups)
    foreach($user in $userList){
        $userName=$user.userPrincipalName
        if ($odccRemoveDomainInUserName){
            # Keep only the part of the UPN before the '@'
            $userName=$userName.Split("@")[0]
        }
        $UserProperties = @{
            UserName=$userName
            FirstName=$user.givenName
            LastName=$user.surname
            EmailAddress=$user.mail
            Password=random-password
        }
        $UserResults += New-Object psobject -Property $UserProperties
    }
    return $UserResults
}

# Builds one row per (user, group) pair for group_memberships_file.csv
Function fetch-group-memberships {
    $GroupMembershipResults=@()
    $userList=get-users-from-groups($odccFetchUsersFromGroups)
    foreach($user in $userList){
        $userGroups=Get-AzureADUserMembership -All $true -ObjectId $user.objectId
        foreach($userGroup in $userGroups){
            $userName=$user.userPrincipalName
            if ($odccRemoveDomainInUserName){
                $userName=$userName.Split("@")[0]
            }
            # Keep the membership when no group limit is set or the group is in the limit list
            if (($odccLimitGroups.count -eq 0) -or (($odccLimitGroups.count -gt 0) -and ($odccLimitGroups -contains $userGroup.displayName))){
                $UserGroupMembershipProperties = @{
                    UserName=$userName
                    GroupName=$userGroup.displayName
                }
                $GroupMembershipResults += New-Object psobject -Property $UserGroupMembershipProperties
            }
        }
    }
    return $GroupMembershipResults
}

# Thanks to https://blogs.technet.microsoft.com/herbchung/2015/04/14/how-to-exportimport-the-identity-from-azure-ad-to-local-ad/
# Picks $length characters from '.', 0-9, A-Z and a-z
Function random-password ($length = 8) {
    $punc = 46..46
    $digits = 48..57
    $letters = 65..90 + 97..122
    $password = get-random -count $length `
        -input ($punc + $digits + $letters) |
        % -begin { $aa = $null } `
        -process {$aa += [char]$_} `
        -end {$aa}
    return $password
}

# Main
Connect-AzureAD
fetch-users | Select-Object UserName, FirstName, LastName, EmailAddress, Password | Export-Csv -Encoding UTF8 -NoTypeInformation -Path 'users_file.csv'
fetch-group-memberships | Select-Object UserName, GroupName | Export-Csv -Encoding UTF8 -NoTypeInformation -Path 'group_memberships_file.csv'
```
Open Microsoft PowerShell as Admin
Execute in PowerShell: Install-Module AzureAD
You must select Yes to any additional modules that need to be installed
Execute the export script, downloaded in step one, in PowerShell: ./ExportOffice365UsersAndGroups.ps1
You will be prompted for a username & password. You may use any Azure AD account; it does not have to be an administrative account.
After the script has finished running, verify the CSV files in your local path:
users_file.csv
group_memberships_file.csv
Please note that the passwords included in users_file.csv have been randomly generated by the script.
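The script's random-password draws 8 characters with Get-Random -Count, which picks each character at most once and is not documented as cryptographically secure, and users_file.csv then holds every password in clear text. The following is an added example, not part of the Cleito script or the Atlassian article: a replacement for random-password that uses the .NET cryptographic random number generator, followed by a permission lock-down of the exported file. The default length of 20 and the choice to grant access only to the exporting account are assumptions.

```powershell
# Added example, not part of the original export script.
# Replacement for random-password; the default length of 20 is an assumption.
Function random-password ($length = 20) {
    # Same character set as the original: '.', 0-9, A-Z, a-z (63 characters)
    $alphabet = [char[]](@(46) + (48..57) + (65..90) + (97..122))
    # Bytes at or above this limit are discarded so that the modulo below
    # maps the remaining values evenly onto the alphabet (no modulo bias).
    $limit = 256 - (256 % $alphabet.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $sb  = New-Object System.Text.StringBuilder
    $buf = New-Object byte[] 1
    try {
        while ($sb.Length -lt $length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length])
            }
        }
    } finally {
        $rng.Dispose()
    }
    return $sb.ToString()
}

# users_file.csv holds every generated password in clear text. Remove inherited
# permissions and leave access to the account that ran the export only.
$me = "$($env:USERDOMAIN)\$($env:USERNAME)"
icacls 'users_file.csv' /inheritance:r /grant:r "${me}:(M)"
```

To use it, put the function in ExportOffice365UsersAndGroups.ps1 in place of the original random-password and run the icacls lines once the export has finished.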
Import Users & Groups into Crowd
Log in to the Crowd Administration Console.
Optionally, create a new Internal Crowd directory for the import, so that an existing directory is not cluttered with the imported accounts:
Click the 'Directories' link in the top navigation bar.
Click the 'Add Directory' link in the left bar.
Click 'Next', leaving the default 'Internal' directory type selected.
Input a name of the new directory: 'ManualImportAzure'
Click 'Continue'
Click 'Update'
Click the 'Users' link in the top navigation bar. This will display the User Browser.
Click the 'Import Users' link. This will display the 'Import Type' screen.
Click 'Next'
Click the 'CSV Importer' button. This will display the 'Configuration' tab of the 'CSV Importer'.
Select the appropriate target user directory where the import process will place the new users & groups.
Enter the details of the CSV files. For additional guidance: 'Configuring the CSV Importer'.
Click 'Continue'
Use the drop-downs to map the fields in your CSV files to the Crowd user and group attributes: 'Mapping CSV Fields to Crowd Fields' (https://confluence.atlassian.com/crowd/mapping-csv-fields-to-crowd-fields-65437705.html)
Click 'Continue'
Confirm the configuration for your import
Click 'Continue'
The next screen shows the number of users & groups imported during the import process. If there are failures, please consult the log files.
Please note that Crowd's CSV importer does not support nested groups. Therefore you will have to manually add groups as other groups' members when the import is over.
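A check that can be run on the two CSV files before starting the import steps above, as an added example that is not part of the Cleito script or the Atlassian article. It looks for problems the export script can produce: with $odccRemoveDomainInUserName=$true, two accounts from different domains (for instance alice@a.example and alice@b.example, constructed names) both export as "alice"; Azure AD users may have no mail, givenName or surname set; and membership rows may name a user that is missing from users_file.csv. Treating empty fields as something to review before import is an assumption.

```powershell
# Added example. File names match the export script; the checks are assumptions
# about what is worth reviewing before the import.
$users       = @(Import-Csv -Path 'users_file.csv')
$memberships = @(Import-Csv -Path 'group_memberships_file.csv')

# 1. Usernames that occur more than once (Group-Object compares case-insensitively).
#    After domain stripping, accounts from different domains can share a username.
$collisions = @($users | Group-Object -Property UserName | Where-Object { $_.Count -gt 1 })

# 2. Rows with an empty attribute (Import-Csv returns '' for an empty column)
$incomplete = @($users | Where-Object {
    -not $_.UserName -or -not $_.EmailAddress -or -not $_.FirstName -or -not $_.LastName
})

# 3. Membership rows that reference a user missing from users_file.csv
$known = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($u in $users) { [void]$known.Add($u.UserName) }
$orphans = @($memberships | Where-Object { -not $known.Contains($_.UserName) })

# Report
"{0} users, {1} membership rows" -f $users.Count, $memberships.Count
foreach ($c in $collisions) { Write-Warning "Duplicate username '$($c.Name)' ($($c.Count) rows)" }
foreach ($r in $incomplete) { Write-Warning "Empty field in row for '$($r.UserName)'" }
foreach ($o in $orphans)    { Write-Warning "Membership for unknown user '$($o.UserName)' -> '$($o.GroupName)'" }

if ($collisions.Count + $incomplete.Count + $orphans.Count -eq 0) {
    "No issues found; the files are ready for the CSV Importer."
}
```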
Allow Users to Login to Atlassian Applications using the new accounts, removing integration with Azure AD
For each of your applications (e.g. Jira, Confluence), add the directory in which you imported your users and groups to the list of authorized directories (in first position). Please also make sure to add the required groups to the list of authorized groups for your applications.
Finally, make sure that your users can log onto your applications using the passwords that were randomly generated by the script.