Learn how to make changes in your Active Directory right from within Jira
Active Directory Attributes Sync provides an additional post function called Update Data. This post function allows you to perform several actions directly on your LDAP server:
You can use the User Picker custom field only with attributes that meet the contains user condition.
Steps
To add the Update Data post function:
Result
The Update Data post function has been added to your workflow.
For more information on using post functions in a workflow, see the official Atlassian documentation.
The post function Update Data can also add comments to issues after every operation on your AD. It shows a confirmation when a change has been made or errors when the operation hasn’t been executed successfully.
You decide whether the comments should appear in the Customer Portal or only internally. You can also turn this function off so that no comments are generated.
You can set it up while adding the post function to a workflow. Choose one of these three options:
Using the Update Data post function, you can create new users in your AD directly from Jira.
When you create a user in AD using this post function, only the following attributes are synchronized:
All other attributes must be updated manually in your AD.
Steps
To create a user in AD:
Parameter | Description |
---|---|
Custom field for username | Select a custom field to retrieve the username value from. |
Custom field for user full name | Select a custom field to retrieve the user’s full name value from. |
Custom field for user email | Select a custom field to retrieve the user’s email address value from. |
Custom field for password | Select a custom field to retrieve the user’s password value from. |
Object classes for user | Enter the name of the class used for the LDAP user object. For more classes, separate them with a comma (,). Default values: top, person, organizationalPerson, user. |
User Base DN | Enter the subtree to which the user will be added. For example: cn=users,dc=example,dc=com. |
User Attribute DN | Enter the RDN (relative distinguished name) attribute to use in DN (distinguished name) of the user in your LDAP server. This attribute will be used as username when loading the user in Jira. Learn more. Default value: cn. |
Activate account on creation | Check this box to make the account instantly active. |
Add user to group | Check this box to add the user to an AD group. When the checkbox is checked, additional options appear: the Source value select list and the Create a group that doesn’t exist in AD checkbox. Learn more about them in the Add user to AD group section. |
Show post-function execution results as a comment | Go to the Comment settings for more information. |
Result
When an issue passes the selected transition, the chosen custom fields allow for creating a user in AD.
This post function mode allows for:
When typing a list of AD groups into a Text field, separate your entries with a comma (,) or a semicolon (;) with no spaces on either side.
While using the Add user to AD group action, make sure that the group information is placed in the Connection section. For more information, see Configuring connection settings.
Steps
To add users to AD groups:
Parameter | Description |
---|---|
Affected user | Select a user who will be added to the Active Directory group. It can be Reporter, Assignee, Current user, or User from CF (for example, a User Picker (multiple users) that will allow you to select multiple AD users). |
Source value | Select the specific Active Directory group to which the user will be added. Choose the Group name option to define the group right in the post function configuration. Select Group from CF to be able to use a custom field, for example a Group Picker (multiple groups). |
Create a group that doesn’t exist in AD | Check this box to create a new group in AD. Details are described in the section. |
Type group name | It is visible only if Group name is selected in Source value. Type in the name of a group which exists in your Active Directory. |
Show post-function execution results as a comment | Go to the Comment settings for more information. |
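
The username, full name and group names above all come from Jira fields filled in on the issue, so the sketch below shows what well-formed values look like before they reach the directory: the user DN composed in the standard LDAP way from the User Attribute DN and User Base DN parameters with RFC 4514 escaping, and a group list checked against the separator rule. This is an added example, not the app's own code; the function names and sample values are hypothetical.

```python
# Added illustration, not the app's code: all function names are hypothetical.
import re

RDN_SPECIALS = '"+,;<>\\'  # characters RFC 4514 requires escaping in a value


def escape_rdn_value(value):
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    if not value:
        raise ValueError("RDN value must not be empty")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in RDN_SPECIALS:
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            # '#' only needs escaping when leading, space when leading/trailing
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(username, rdn_attr="cn",
                  base_dn="cn=users,dc=example,dc=com"):
    """Compose <User Attribute DN>=<username>,<User Base DN>."""
    return f"{rdn_attr}={escape_rdn_value(username)},{base_dn}"


def split_group_list(text):
    """Split a Text field on ',' or ';' and reject padded or empty entries."""
    groups = re.split(r"[,;]", text)
    for g in groups:
        if not g or g != g.strip():
            raise ValueError(f"bad group entry {g!r}: no spaces around separators")
    return groups


if __name__ == "__main__":
    # Constructed sample values.
    print(build_user_dn("jsmith"))
    print(build_user_dn("Smith, John"))  # comma must not start a new RDN
    print(split_group_list("jira-users;vpn-access,helpdesk"))
```

A value such as `Smith, John` is a common legitimate case: without the escape, the comma would be read as an RDN separator and the entry would be addressed under a different parent than the configured User Base DN.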
The Create user in AD mode allows you to create and add users to AD groups in a single transition. This is the standard and most straightforward use case.
To create new users and add them to AD groups immediately:
When the post function is executed, a new user is created and added to the chosen AD group.
If you want to add users to AD groups at a different point than creating them, you will need to add the post function in the Create user in AD mode first and then add it again in the Add user to AD group mode to a later workflow transition.
In this case, you will need to manually synchronize AD with the Jira User Directory every time you create a user and before adding them to an AD group.
Here’s the actual workflow needed for this scenario to work:
A new user is created when the post function is executed. Then, in a different transition, the user is added to AD group.
With this post function mode, you can also create a new AD group and add users to it simultaneously. The necessary configuration steps are explained in the table below:
Parameter | Description |
---|---|
Object classes for group | Default values for Microsoft Active Directory (top,group) are pre-populated. You can adjust them to work with your particular connection. |
Additional attributes | Default values for Microsoft Active Directory ({"groupType": "2"}) are pre-populated. You can adjust them to work with your particular connection. |
Groups Base DN | Type in your Group Base DN. In most cases it will be identical to the one that you provided in the details of your connection configuration. |
Result
Selected users can be added to selected (or newly created) AD groups.
There are three Jira fields that you can use to determine which user should be added to a group:
If the user you’d like to add doesn’t match any of the options above, you can use a custom field.
Steps
To add a user from a custom field:
Create a Text Field (single line) custom field.
Type in the word Username as the custom field’s name (or choose a different one that will be easy to find).
Add the post function Deviniti [Active Directory Attributes Sync] - Update Data > Add user to AD group to your project’s workflow.
Select the Username custom field from the drop-down list next to Affected user.
Type the user’s AD username into the text field in the issue view.
Result
The selected user is added to the chosen AD group.
To add more users to the group, use the User Picker (multiple users) custom field.
Steps
To update a user’s attribute in AD:
Parameter | Description |
---|---|
Affected user | Select a user. It can be the Reporter, Assignee, Current user or a chosen custom field. |
Field | Select an LDAP field containing the value of the user’s attribute in Active Directory. |
New value | Select a Jira custom field containing a new value for this attribute. You may also choose a static value. |
Type attribute value | It is visible only when a static value is selected in the New value field. Type in the value which will update the selected user’s attribute. |
Show post-function execution results as a comment | Go to the Comment settings for more information. |
Managing user passwords in AD requires special conditions. Learn how to meet them in the official Microsoft documentation.
Steps
To reset the user’s Active Directory password:
Parameter | Description |
---|---|
User field | Select the user whose password should be reset. You can choose one of these: Assignee, Reporter, User Picker (single user), or User Picker (multiple users). |
Custom field for new password | Select a custom field for the new password (it should be a Text field). |
Show post-function execution results as a comment | Go to the Comment settings for more information. |
Steps
To disable or enable a user’s Active Directory account:
Parameter | Description |
---|---|
Operation | You can choose one of these: Enable User or Disable User. |
User field | Select the field or custom field that contains the user: Assignee, Reporter, User Picker (single user), or User Picker (multiple users). It can also be a Text field, but it must store the userName attribute. |
Show post-function execution results as a comment | Go to the Comment settings for more information. |
Steps
To remove a user from an Active Directory group:
Parameter | Description |
---|---|
Affected user | Select the user who will be removed from the chosen Active Directory group. It can be Reporter, Assignee, Current user, or User from CF (for example, a User Picker (multiple users)). |
Source value | Select the specific Active Directory group from which the user will be removed. Choose the Group name option to define the group right in the post function configuration. Select Group from CF to be able to use a custom field, for example a Group Picker (multiple groups). |
Type group name | It is visible only after selecting Group name as the Source value. Type in the name of a group which exists in your Active Directory. |
Show post-function execution results as a comment | Go to the Comment settings for more information. |
While using the Remove user from AD group action, ensure the group information is in the Connection section. For more information, see Configuring connection settings.
This operation allows you to unlock an AD account that has been locked, for example after a user provides a wrong password too many times.
Steps
To be able to unlock a user account in Active Directory:
Parameter | Description |
---|---|
User field | Select the user whose account should be unlocked. It can be Reporter, Assignee, Current user, or User from CF (for example, a User Picker (multiple users)). |
Show post-function execution results as a comment | Go to the Comment settings for more information. |
It’s not possible to lock a user account with this post function. An AD account can be locked only after a certain number of failed login attempts, which can be defined in your Active Directory.
If you can’t find the answer you need in our documentation, raise a support request.