Crowd shows inactive users from Active Directory as active
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Users in an Active Directory have been marked as inactive, but even after a successful sync, they still show up as 'active' in Crowd
Diagnosis
Environment
Crowd integrated with an Active Directory instance, as a 'Connector' (non Delegated) directory.
Diagnostic Steps
Generate an LDIF from your Active Directory instance
- Check which field in Active Directory is being used to mark the user as 'inactive' vs 'active'.
Cause
Crowd bases the active/inactive flag upon the UserAccountControl
field. It is possible that you may be using a different field to set the status of users. This field is not currently customizable in Crowd, though there is a feature request for it.
Workaround
Manually set users as 'inactive' in Crowd
Resolution
- Ask your Active Directory team to begin using the
UserAccountControl
field.