How to reset password for all users in the Confluence internal directory from the database
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Credentials for all users in a Confluence internal directory can be reset via the Confluence database. This will force users within the directory to set a new password before logging in. The following instructions will only reset credentials for users within a single Confluence internal user directory. This process will require downtime.
Environment
Applies to the internal user directory in Confluence Server and Datacenter.
Solution
As with all external database operations and configuration changes, Atlassian recommends performing the following steps using a staging environment first, and backing up your instance before attempting in production.
Step 1: Mail Server
Ensure that your instance has a working mail server configured. Confluence will not allow user password resets without at least one mail server configured.
Test that your mail server is functional by clicking the Send test email link to the right of the configured mail server, and sending a test email to the email address associated with your current Confluence account. If you do not have a mail server configured, you can follow the guide in the Configuring a Server for Outgoing Mail knowledge-base article.
Do not continue without verifying that you can receive email from Confluence at the address associated with your Confluence account, as you could become locked out of the instance if you are unable to reset your password.
Shut down Confluence before continuing.
Step 2: Backup
Download a full backup of the database. This process will fully remove existing passwords from the database, rather than just marking users to require a password reset.
Step 3: Remove Existing Passwords
First, run the following query to find all available user directories:
SELECT * FROM cwd_directoryNext, find the ID of the Confluence internal directory, a 6-digit number. Then insert the directory id into the following query. This query will remove the password for all users in the directory.
UPDATE cwd_user SET credential = '' WHERE directory_id = 'PUT_DIRECTORY_ID_HERE'Start Confluence. All users in the internal directory will now be unable to log in until resetting their password.
Step 4: Log In
You will receive a password incorrect error when trying to log back in with your admin account. Click on the Forgot your password? link, and reset your password— Then log back in.
If you are unable to access an administrator account, you can enable recovery mode to allow temporary admin access to the instance using the recovery_admin user.
Step 5 (Optional): Password Reset Notification
When the credential field is missing for a user, Confluence will show a Wrong username/password prompt on the login screen. To add a system notification that can alert users to the password reset, follow the steps in our How to add a site-wide banner knowledge-base article.