How to synchronize only users and not groups from Active Directory into Jira
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Description
This knowledge base article describes how to allow synchronization of users only, without importing any groups, from Active Directory into Jira.
Workaround #1
SelectDirectory Type: (Read Only, with Local Groups) in Jira user directory configuration.
Create a dummy OU (Organizational Unit) in your Active Directory which is empty and has nothing inside it. Example: ou=NoWhere.
Set your base DN as you would normally do. Example: dc=example,dc=com.
Set the Additional Group DN to the dummy OU. Example: ou=NoWhere.
ℹ️ Refer Create a New Organizational Unit in your Active Directory.
Workaround #2
Select Administration
> User Management > User Directory
Edit your Active Directory server > Group Schema Settings
Set "Group Object Filter" with a value that matches nothing, so no groups will be imported from your AD.
For example:
Group Object Filter: (objectCategory=GroupNoFilterMatch)
Save
After the next User Directory synchronization, all Groups from the AD will be removed from Jira automatically.
⚠️ We strongly recommend you do this first in a non-production, staging or test environment before. Make sure you take a Jira backup before proceeding
Was this helpful?