Managing groups in Confluence Data Center
This insight appears when your group count exceeds the recommended guardrail of 20,000 groups. Groups in Confluence help manage permissions and access across your instance. The groups metric tracks the total number of groups across all directories - both internal Confluence groups and those synchronized from external directories like LDAP or Active Directory.
Thresholds: | |
|---|---|
Optimal | Less than 20,000 groups |
Approaching limit | Between 20,000-30,000 groups |
Exceeding limit | Greater than 30,000 groups |
How does high group count affect performance?
Having too many groups can impact your instance in several ways:
Slower directory synchronization and user authentication
Degraded performance in space and page permission checks
Unresponsive administration screens
Increased system resource consumption
Potential impact on collaborative features
What's the recommendation?
To optimize your group count and maintain performance, follow these steps:
Analyze group distribution
Before making changes, understand your current group distribution:
Go to Administration > System Information
Download the support zip file
Run this query to analyze group distribution across directories:
SELECT directory_name, count(*) FROM cwd_group cg join cwd_directory cd on cg.directory_id = cd.id group by directory_name;Delete empty or unused groups
Start by identifying and removing unnecessary groups:
Go to Administration > User Management > Groups
Review groups with:
Zero members
No space permissions
No page restrictions
For each potential group to delete:
Verify it's not used in space permissions
Check for page restrictions using this query:
SELECT DISTINCT(GROUPNAME) FROM CONTENT_PERM WHERE GROUPNAME IS NOT NULL;
4. Select the group and choose Delete
Configure directory synchronization
If using LDAP/Active Directory, optimize your synchronization settings:
Navigate to Administration > User Management > User Directories
Select your LDAP directory
Configure group filters:
Review and adjust Base DN
Set appropriate Group Object Filter
Test configuration in staging environment
Enable incremental synchronization (Microsoft Active Directory only)
Select Enable Incremental Synchronization
Ensure sync account has required permissions:
Read access to uSNChanged attribute
Access to Active Directory deleted objects container.
This approach significantly reduces sync times compared to full synchronization, as it only processes changes rather than all directory data.
Connecting to an LDAP Directory | Confluence Data Center 9.5 | Atlassian Documentation
Implement preventive measures
Establish ongoing maintenance practices:
Group naming conventions
Use consistent prefixes (e.g., "SPACE-" for space-specific groups)
Include meaningful identifiers
Document conventions for team reference
Regular maintenance
Schedule quarterly group audits
Review group usage patterns
Monitor group growth trends
Document group purposes and ownership